vulnerability

FreeBSD: VID-620685d6-0aa3-11ea-9673-4c72b94353b5 (CVE-2019-18679): squid -- Vulnerable to HTTP Digest Authentication

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: Nov 19, 2019
Added: Nov 19, 2019
Modified: Mar 25, 2026

Description

Squid Team reports:

Problem Description: Due to incorrect data management Squid is vulnerable to an information disclosure when processing HTTP Digest Authentication.

Severity: Nonce tokens contain the raw byte value of a pointer which sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.

Solution

freebsd-upgrade-package-squid