vulnerability

FreeBSD: VID-620685d6-0aa3-11ea-9673-4c72b94353b5 (CVE-2019-18679): squid -- Vulnerable to HTTP Digest Authentication

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Nov 19, 2019	Nov 19, 2019	Dec 10, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Nov 19, 2019

Added

Nov 19, 2019

Modified

Dec 10, 2025

Description

Squid Team reports: Problem Description: Due to incorrect data management Squid is vulnerable to a information disclosure when processing HTTP Digest Authentication. Severity: Nonce tokens contain the raw byte value of a pointer which sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.

Solution

freebsd-upgrade-package-squid

References

CVE-2019-18679
https://attackerkb.com/topics/CVE-2019-18679
CWE-200

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today