FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

squid -- Vulnerable to HTTP Digest Authentication

Affected packages
squid < 4.9


VuXML ID 620685d6-0aa3-11ea-9673-4c72b94353b5
Discovery 2019-11-05
Entry 2019-11-19

Squid Team reports:

Problem Description: Due to incorrect data management, Squid is vulnerable to an information disclosure when processing HTTP Digest Authentication.

Severity: Nonce tokens contain the raw byte value of a pointer which sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.


CVE Name CVE-2019-18679
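
The weakness class named in the Severity paragraph, as an added illustration in C that is not Squid's code: a token that embeds a raw heap address, beside one drawn only from the OS random source, plus a regression check a maintainer could run against generated tokens. The names nonce_rec, nonce_leaky, nonce_opaque and token_contains_ptr, the 16-byte token layout and the use of /dev/urandom are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NONCE_HEX_LEN 32 /* 16 raw bytes, hex encoded */

/* Constructed per-nonce server record; not Squid's real structure. */
struct nonce_rec { uint64_t created; uint32_t uses; };

static void to_hex(const unsigned char *in, size_t n, char *out) {
    static const char digits[] = "0123456789abcdef";
    for (size_t i = 0; i < n; i++) {
        out[2 * i] = digits[in[i] >> 4];
        out[2 * i + 1] = digits[in[i] & 15];
    }
    out[2 * n] = '\0';
}

/* Weak pattern: token = creation time || raw address of the heap record. */
void nonce_leaky(const struct nonce_rec *rec, char out[NONCE_HEX_LEN + 1]) {
    unsigned char raw[16] = {0};
    uintptr_t p = (uintptr_t)rec;
    memcpy(raw, &rec->created, sizeof rec->created);
    memcpy(raw + 8, &p, sizeof p); /* heap address is sent to the client */
    to_hex(raw, sizeof raw, out);
}

/* Hardened pattern: token is 16 bytes from the OS CSPRNG and carries no
 * process state; the server would look the record up by token instead. */
int nonce_opaque(char out[NONCE_HEX_LEN + 1]) {
    unsigned char raw[16];
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t got = fread(raw, 1, sizeof raw, f);
    fclose(f);
    if (got != sizeof raw) return -1;
    to_hex(raw, sizeof raw, out);
    return 0;
}

/* Regression check: 1 if the token embeds the bytes of the given address. */
int token_contains_ptr(const char *hex, const void *ptr) {
    char needle[2 * sizeof(uintptr_t) + 1];
    uintptr_t p = (uintptr_t)ptr;
    to_hex((const unsigned char *)&p, sizeof p, needle);
    return strstr(hex, needle) != NULL;
}
```

A check like token_contains_ptr belongs in a unit test for the token generator, where the record's address is known to the test, so that a pointer leaking into the token is caught before release.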