---

CVE-2019-18679 - log back

CVE-2019-18679 edited at 07 Nov 2019 11:21:11

Description

+ An information disclosure issue has been found in Squid before 4.9, when processing HTTP Digest Authentication. The nonce tokens contain the raw byte value of a pointer which sits within heap memory allocation, which reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks. - An information disclosure issue has been found in Squid before 4.9, when processing HTTP Digest Authentication. The nonce tokens contain the raw byte value of a pointer which sits - within heap memory allocation, which reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.

CVE-2019-18679 edited at 07 Nov 2019 09:37:17
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Information disclosure
Description	+ An information disclosure issue has been found in Squid before 4.9, when processing HTTP Digest Authentication. The nonce tokens contain the raw byte value of a pointer which sits + within heap memory allocation, which reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.
References	+ http://www.squid-cache.org/Advisories/SQUID-2019_11.txt + http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patc
Notes

CVE-2019-18679 created at 07 Nov 2019 09:34:47