CVE-2019-18679 - log back

CVE-2019-18679 edited at 07 Nov 2019 11:21:11
Description
+ An information disclosure issue has been found in Squid before 4.9, when processing HTTP Digest Authentication. The nonce tokens contain the raw byte value of a pointer which sits within heap memory allocation, which reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.
- An information disclosure issue has been found in Squid before 4.9, when processing HTTP Digest Authentication. The nonce tokens contain the raw byte value of a pointer which sits
- within heap memory allocation, which reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.
CVE-2019-18679 edited at 07 Nov 2019 09:37:17
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ An information disclosure issue has been found in Squid before 4.9, when processing HTTP Digest Authentication. The nonce tokens contain the raw byte value of a pointer which sits
+ within heap memory allocation, which reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.
References
+ http://www.squid-cache.org/Advisories/SQUID-2019_11.txt
+ http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patc
Notes
CVE-2019-18679 created at 07 Nov 2019 09:34:47