Unrated severityNVD Advisory· Published Nov 26, 2019· Updated Aug 5, 2024
CVE-2019-18679
CVE-2019-18679
Description
An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
26- Squid/Squiddescription
- osv-coords24 versionspkg:rpm/almalinux/libecappkg:rpm/almalinux/libecap-develpkg:rpm/opensuse/squid&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/squid&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/squid&distro=openSUSE%20Tumbleweedpkg:rpm/suse/squid3&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/squid3&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/squid&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/squid&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/squid&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/squid&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/squid&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
< 1.0.1-2.module_el8.6.0+2741+01592ae8+ 23 more
- (no CPE)range: < 1.0.1-2.module_el8.6.0+2741+01592ae8
- (no CPE)range: < 1.0.1-2.module_el8.6.0+2741+01592ae8
- (no CPE)range: < 4.9-lp150.13.1
- (no CPE)range: < 4.9-lp151.2.7.1
- (no CPE)range: < 4.16-1.5
- (no CPE)range: < 3.1.23-8.16.37.12.1
- (no CPE)range: < 3.1.23-8.16.37.12.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 4.9-5.11.1
- (no CPE)range: < 4.9-5.11.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 4.9-4.3.2
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 4.9-4.3.2
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 3.5.21-26.20.1
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
11- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/mitrevendor-advisoryx_refsource_FEDORA
- security.gentoo.org/glsa/202003-34mitrevendor-advisoryx_refsource_GENTOO
- usn.ubuntu.com/4213-1/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2020/dsa-4682mitrevendor-advisoryx_refsource_DEBIAN
- www.squid-cache.org/Advisories/SQUID-2019_11.txtmitrex_refsource_CONFIRM
- www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patchmitrex_refsource_CONFIRM
- bugzilla.suse.com/show_bug.cgimitrex_refsource_CONFIRM
- github.com/squid-cache/squid/pull/491mitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2019/12/msg00011.htmlmitremailing-listx_refsource_MLIST
- lists.debian.org/debian-lts-announce/2020/07/msg00009.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.