CVE-2019-18679

An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.

CVSS v3.0 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/squid-cache/squid/pull/491	Patch Third Party Advisory
http://www.squid-cache.org/Advisories/SQUID-2019_11.txt	Third Party Advisory
http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch	Release Notes
https://bugzilla.suse.com/show_bug.cgi?id=1156324	Issue Tracking Third Party Advisory
https://usn.ubuntu.com/4213-1/	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html	Third Party Advisory
https://security.gentoo.org/glsa/202003-34
https://www.debian.org/security/2020/dsa-4682
https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:squid-cache:squid::::::::
	cpe:2.3:a:squid-cache:squid:2.7:stable2::::::
	cpe:2.3:a:squid-cache:squid:2.7:stable3::::::
	cpe:2.3:a:squid-cache:squid:2.7:stable4::::::
	cpe:2.3:a:squid-cache:squid:2.7:stable5::::::
	cpe:2.3:a:squid-cache:squid:2.7:stable6::::::
	cpe:2.3:a:squid-cache:squid:2.7:stable7::::::
	cpe:2.3:a:squid-cache:squid:2.7:stable8::::::
	cpe:2.3:a:squid-cache:squid:2.7:stable9::::::
	cpe:2.3:a:squid-cache:squid::::::::
	cpe:2.3:a:squid-cache:squid::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:19.10:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:fedoraproject:fedora:30:::::::*
	cpe:2.3:o:fedoraproject:fedora:31:::::::*

Information

Published : 2019-11-26 09:15

Updated : 2020-07-10 17:15

NVD link : CVE-2019-18679

Mitre link : CVE-2019-18679

JSON object : View

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Products Affected

debian

debian_linux

canonical

ubuntu_linux

fedoraproject

fedora

squid-cache

squid

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/squid-cache/squid/pull/491", "name": "https://github.com/squid-cache/squid/pull/491", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "http://www.squid-cache.org/Advisories/SQUID-2019_11.txt", "name": "http://www.squid-cache.org/Advisories/SQUID-2019_11.txt", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch", "name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch", "tags": ["Release Notes"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156324", "name": "https://bugzilla.suse.com/show_bug.cgi?id=1156324", "tags": ["Issue Tracking", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://usn.ubuntu.com/4213-1/", "name": "USN-4213-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", "name": "FEDORA-2019-0b16cbdd0e", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FEDORA"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", "name": "FEDORA-2019-9538783033", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FEDORA"}, {"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html", "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2028-1] squid3 security update", "tags": ["Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://security.gentoo.org/glsa/202003-34", "name": "GLSA-202003-34", "tags": [], "refsource": "GENTOO"}, {"url": "https://www.debian.org/security/2020/dsa-4682", "name": "DSA-4682", "tags": [], "refsource": "DEBIAN"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", "tags": [], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-200"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-18679", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}}, "publishedDate": "2019-11-26T17:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.7", "versionStartIncluding": "2.0"}, {"cpe23Uri": "cpe:2.3:a:squid-cache:squid:2.7:stable2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:squid-cache:squid:2.7:stable5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:squid-cache:squid:2.7:stable6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:squid-cache:squid:2.7:stable7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:squid-cache:squid:2.7:stable8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:squid-cache:squid:2.7:stable9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.5.28", "versionStartIncluding": "3.0"}, {"cpe23Uri": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "4.8", "versionStartIncluding": "4.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-07-11T00:15Z"}

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2019-18679

7.5^/10

5.0^/10

Attach tags to `CVE-2019-18679`