An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.
                
            Metrics
Affected Vendors & Products
References
        History
                    No history.
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: mitre
Published: 2019-11-26T16:14:03
Updated: 2024-08-05T02:02:39.623Z
Reserved: 2019-11-04T00:00:00
Link: CVE-2019-18679
 Vulnrichment
                        Vulnrichment
                    No data.
 NVD
                        NVD
                    Status : Modified
Published: 2019-11-26T17:15:13.047
Modified: 2024-11-21T04:33:31.133
Link: CVE-2019-18679
 Redhat
                        Redhat