Home > Vulnerability Database > CVE-2019-18679

Mend.io Vulnerability Database

CVE-2019-18679

Date: November 26, 2019

An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.

Language: C

Severity Score

7.5

Related Resources (19)

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/

Url: http://www.squid-cache.org/Advisories/SQUID-2019_11.txt

Url: https://access.redhat.com/security/cve/CVE-2019-18679

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-18679

Url: https://security-tracker.debian.org/tracker/CVE-2019-18679

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/

Url: http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch

Url: https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html

Url: https://www.debian.org/security/2020/dsa-4682

Url: https://security.gentoo.org/glsa/202003-34

Url: https://usn.ubuntu.com/4213-1/

Url: https://github.com/squid-cache/squid/pull/491

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2019-18679

Url: https://security.alpinelinux.org/vuln/CVE-2019-18679

Url: https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html

Url: https://bugzilla.suse.com/show_bug.cgi?id=1156324

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/

Url: https://www.mend.io/vulnerability-database/CVE-2019-18679

Severity Score

7.5

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-18679

Date: November 26, 2019

Language: C

Severity Score

Related Resources (19)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?