DEBIAN-CVE-2019-18679

DEBIAN-CVE-2019-18679 PUBLISHED CVSS 7.5 HIGH

An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:13	squid	0, 0, 0
Debian:14	squid	0, 0, 0
Debian:11	squid	0, 0, 0
Debian:12	squid	0, 0, 0

Timeline

Nov 26, 2019 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2019-18679 advisory

Open in Interactive Console →