CVE-2019-18679
HIGH 7.5 · EPSS 44.1% · Published: 2019/11/26 · Modified: 2025/12/3
Also known as: ALPINE-CVE-2019-18679, DEBIAN-CVE-2019-18679
Description
An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.
Affected packages (2)
- Alpine/squid: from 0, < 4.8-r1
- Debian/squid: from 0, < 4.9-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |