Integer overflow in squid (Alpine package)

Published: 2020-12-11

Risk	High
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2020-11945
CWE-ID	CWE-190
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	squid (Alpine package) Operating systems & Components / Operating system package or component
Vendor	Alpine Linux Development Team

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Integer overflow

EUVDB-ID: #VU27666

Risk: High

CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-11945

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow when processing HTTP Digest Authentication tokens, if memory pooling is disabled. A remote attacker can pass a specially crafted authentication nonce and execute arbitrary code on the server through the free'd nonce credentials.

In case memory pooling is enabled, a remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

squid (Alpine package): 3.2.2-r0 - 4.13-r0

CPE2.3

External links

https://git.alpinelinux.org/aports/commit/?id=823d50238d98c0b70173658a2d33512cc2e63e37
https://git.alpinelinux.org/aports/commit/?id=f4d966b537973146330fd5be1079dc392095617d
https://git.alpinelinux.org/aports/commit/?id=5e6172c90ca3b243a8f1143da08e3c2101764ba5

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.