PT-2019-5770 · Squid+7 · Squid+8

David Fifield

Publicado

2019-11-14

Atualizado

2024-06-15

CVE-2019-18679

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Squid versions 2.x through 4.8

Description The issue is related to incorrect data management in HTTP Digest Authentication processing, leading to information disclosure. Nonce tokens contain raw byte values of pointers within heap memory allocation, which reduces ASLR protections and may aid attackers in isolating memory areas for remote code execution attacks. This vulnerability allows a remote attacker to access confidential data.

Recommendations For Squid versions 2.x through 4.8, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

ALSA-2020:4743

ALT-PU-2020-1479

ALT-PU-2020-1494

BDU:2021-01719

CESA-2020_4743

CVE-2019-18679

DLA-2028-1

DLA-2278-1

DSA-4682-1

MGASA-2019-0382

OPENSUSE-SU-2019:2540-1

OPENSUSE-SU-2019:2541-1

OPENSUSE-SU-2019_2540-1

OPENSUSE-SU-2019_2541-1

OPENSUSE-SU-2024:11403-1

RHSA-2020:4743

RHSA-2020_4743

RLSA-2020:4743

SUSE-SU-2019:2975-1

SUSE-SU-2019:3067-1

SUSE-SU-2020:0661-1

SUSE-SU-2020:14460-1

USN-4213-1

Produtos afetados

Alt Linux

Almalinux

Centos

Red Hat

Rocky Linux

Squid

Squid Cache

Suse

Ubuntu

PT-2019-5770 · Squid+7 · Squid+8

CVE-2019-18679

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 166