CVE-2020-11945

Description

An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).

Risk Information

Base Score: 9.8 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 28.475

Associated Vulnerability

| Vulnerability | OS Platform |
| --- | --- |
| (RHSA-2020:2040) squid security update squid-3.5.20-15.el7_8.1.x86_64.rpm | Linux |
| (RHSA-2020:2040) squid security update squid-migration-script-3.5.20-15.el7_8.1.x86_64.rpm | Linux |
| (RHSA-2020:2040) squid security update squid-sysvinit-3.5.20-15.el7_8.1.x86_64.rpm | Linux |
| squid security update(DSA-4682-1) squid_4.6-1+deb10u2_i386.deb | Linux |
| squid security update(DSA-4682-1) squid_4.6-1+deb10u2_amd64.deb | Linux |
| SUSE-SU-2020:1227-1(SUSE Linux Enterprise Server 12-SP4 ) squid-3.5.21-26.23.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1227-1(SUSE Linux Enterprise Server 12-SP4 ) squid-debuginfo-3.5.21-26.23.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1227-1(SUSE Linux Enterprise Server 12-SP4 ) squid-debugsource-3.5.21-26.23.1.x86_64.rpm | Linux |
| Web proxy cache server (USN-4356-1) squid_4.8-1ubuntu2.3_i386.deb | Linux |
| Web proxy cache server (USN-4356-1) squid_4.8-1ubuntu2.3_amd64.deb | Linux |
| Web proxy cache server (USN-4356-1) squid_4.10-1ubuntu1.1_amd64.deb | Linux |
| Web proxy cache server (USN-4356-1) squid_3.5.27-1ubuntu1.6_i386.deb | Linux |
| Web proxy cache server (USN-4356-1) squid_3.5.27-1ubuntu1.6_amd64.deb | Linux |
| Web proxy cache server (USN-4356-1) squid_3.5.12-1ubuntu7.11_i386.deb | Linux |
| Web proxy cache server (USN-4356-1) squid_3.5.12-1ubuntu7.11_amd64.deb | Linux |
| (RHSA-2020:2041) squid:4 security update libecap-1.0.1-2.module+el8.1.0+4044+36416a77.x86_64.rpm | Linux |
| (RHSA-2020:2041) squid:4 security update libecap-debugsource-1.0.1-2.module+el8.1.0+4044+36416a77.x86_64.rpm | Linux |
| (RHSA-2020:2041) squid:4 security update libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77.x86_64.rpm | Linux |
| (RHSA-2020:2041) squid:4 security update squid-4.4-8.module+el8.2.0+6449+6ba3df3e.1.x86_64.rpm | Linux |
| (RHSA-2020:2041) squid:4 security update squid-debugsource-4.4-8.module+el8.2.0+6449+6ba3df3e.1.x86_64.rpm | Linux |
| Libecap update (ELSA-2020-2041) libecap-1.0.1-2.module+el8.1.0+5405+03b963f4.x86_64.rpm | Linux |
| Libecap-devel update (ELSA-2020-2041) libecap-devel-1.0.1-2.module+el8.1.0+5405+03b963f4.x86_64.rpm | Linux |
| Squid update (ELSA-2020-2041) squid-4.4-8.module+el8.2.0+7611+d512f060.1.x86_64.rpm | Linux |
| Squid update (ELSA-2020-4082) squid-3.5.20-17.el7_9.4.x86_64.rpm | Linux |
| Squid-migration-script update (ELSA-2020-4082) squid-migration-script-3.5.20-17.el7_9.4.x86_64.rpm | Linux |
| Squid-sysvinit update (ELSA-2020-4082) squid-sysvinit-3.5.20-17.el7_9.4.x86_64.rpm | Linux |
| (CESA-2020:2040) squid security update squid-3.5.20-15.el7_8.1.x86_64.rpm | Linux |
| (CESA-2020:2040) squid security update squid-migration-script-3.5.20-15.el7_8.1.x86_64.rpm | Linux |
| (CESA-2020:2040) squid security update squid-sysvinit-3.5.20-15.el7_8.1.x86_64.rpm | Linux |
