CVE-2019-18679
Description
An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
38.425
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Web proxy cache server (USN-4213-1) squid_4.4-1ubuntu2.3_i386.deb | Linux |
| Web proxy cache server (USN-4213-1) squid_4.4-1ubuntu2.3_amd64.deb | Linux |
| Web proxy cache server (USN-4213-1) squid_4.8-1ubuntu2.1_i386.deb | Linux |
| Web proxy cache server (USN-4213-1) squid_4.8-1ubuntu2.1_amd64.deb | Linux |
| Web proxy cache server (USN-4213-1) squid3_3.5.12-1ubuntu7.9_all.deb | Linux |
| Web proxy cache server (USN-4213-1) squid3_3.5.27-1ubuntu1.4_all.deb | Linux |
| squid security update(DSA-4682-1) squid_4.6-1+deb10u2_i386.deb | Linux |
| squid security update(DSA-4682-1) squid_4.6-1+deb10u2_amd64.deb | Linux |
| (RHSA-2020:4743) squid:4 security, bug fix, and enhancement update squid-4.11-3.module+el8.3.0+7851+7808b5f9.x86_64.rpm | Linux |
| (RHSA-2020:4743) squid:4 security, bug fix, and enhancement update squid-debugsource-4.11-3.module+el8.3.0+7851+7808b5f9.x86_64.rpm | Linux |
| Web proxy cache server (USN-4213-1) squid3_3.5.27-1ubuntu1.4_all.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234