CVE-2019-18679 vulnerability in Squid Cache and Other Products
Published on November 26, 2019

An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2019-18679

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-18679 are published in these products:

Squid Cache Squid

Canonical Ubuntu Linux

Debian Linux

Fedora Project Fedora

Exploit Probability

EPSS

38.43%

Percentile

97.17%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2019-18679 vulnerability in Squid Cache and Other ProductsPublished on November 26, 2019

Products Associated with CVE-2019-18679

Exploit Probability

CVE-2019-18679 vulnerability in Squid Cache and Other Products
Published on November 26, 2019