VDB

ALPINE-CVE-2019-18679

ALPINE-CVE-2019-18679 PUBLISHED CVSS 7.5 HIGH

An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.

Risk Scores

CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
Alpine:v3.14squid0, 2.7.6-r0, 2.7.6-r1
Alpine:v3.11squid4.2-r1, 4.8-r1, 4.8-r0
Alpine:v3.18squid2.7.6-r10, 4.8-r1, 4.8-r0
Alpine:v3.17squid3.5.15-r0, 4.8-r1, 4.8-r0
Alpine:v3.9squid0, 4.8-r0, 4.4-r1
Alpine:v3.16squid2.7.6-r8, 0, 4.8-r1
Alpine:v3.20squid0, 3.5.13-r0, 3.5.14-r0
Alpine:v3.10squid3.3.11-r0, 2.7.6-r1, 2.7.6-r10
Alpine:v3.23squid3.4.6-r0, 0, 4.8-r1
Alpine:v3.15squid3.5.20-r1, 3.5.5-r0, 3.5.6-r0
Alpine:v3.13squid3.5.4-r1, 3.5.5-r0, 3.5.6-r0
Alpine:v3.22squid3.2.0.13-r0, 2.7.7-r2, 3.2.0.12-r4
Alpine:v3.19squid2.7.7-r2, 4.8-r1, 4.8-r0
Alpine:v3.21squid3.5.4-r0, 3.5.5-r0, 3.5.6-r0
Alpine:v3.12squid0, 2.7.6-r5, 2.7.7-r1

Timeline

  • Nov 26, 2019 CVE Published
  • Dec 3, 2025 CVE Updated
  • Apr 30, 2026 Distribution Patch

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›