Information disclosure in squid (Alpine package)

1) Information disclosure

EUVDB-ID: #VU22589

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-18679

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to incorrect data management when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer which sits within heap memory allocation. This allows a remote attacker to gain knowledge of memory allocations and bypass ASLR protection and help in exploitation of other vulnerabilities.

Mitigation

Install update from vendor's website.

Vulnerable software versions

squid (Alpine package): 3.2.2-r0 - 3.5.27-r3

External links

http://git.alpinelinux.org/aports/commit/?id=3db264c1978654cc19d61a5feaf1b0ee54e0a85b
http://git.alpinelinux.org/aports/commit/?id=225360732093a00d6a58a6e626b26e6794a4739c
http://git.alpinelinux.org/aports/commit/?id=a4301166888c0e2c8a72be8e5d3ec1747a6ab6bf
http://git.alpinelinux.org/aports/commit/?id=a2e4a10786598b2f40879a608a3090b4f1242065
http://git.alpinelinux.org/aports/commit/?id=e669c04c87f3b6f9826273154aebe26e89d75dc8
http://git.alpinelinux.org/aports/commit/?id=49fa120aba707913031864610f9f1e8c9611cc06
http://git.alpinelinux.org/aports/commit/?id=9655dce42705c52e44b4db28575cc7e05835bdc9
http://git.alpinelinux.org/aports/commit/?id=c960394d423ce258a68bf53364ae13b6e331d8fe

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.