SB2020121111 - Integer overflow in squid (Alpine package)

Description

This security bulletin contains information about 1 vulnerability.

1) Integer overflow (CVE-ID: CVE-2020-11945)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow when processing HTTP Digest Authentication tokens, if memory pooling is disabled. A remote attacker can pass a specially crafted authentication nonce and execute arbitrary code on the server through the free'd nonce credentials.

In case memory pooling is enabled, a remote attacker can replay a sniffed Digest Authentication nonce to gain access  to resources that are otherwise forbidden.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

• https://git.alpinelinux.org/aports/commit/?id=823d50238d98c0b70173658a2d33512cc2e63e37
• https://git.alpinelinux.org/aports/commit/?id=f4d966b537973146330fd5be1079dc392095617d
• https://git.alpinelinux.org/aports/commit/?id=5e6172c90ca3b243a8f1143da08e3c2101764ba5