admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-186xx/CVE-2019-18679.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

280 lines
9.3 KiB
JSON
Raw Blame History

{
"id": "CVE-2019-18679",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-11-26T17:15:13.047",
"lastModified": "2020-07-11T00:15:14.447",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Squid versiones 2.x, 3.x y versiones 4.x hasta 4.8. Debido a una gesti\u00f3n de datos incorrecta, es vulnerable a una divulgaci\u00f3n de informaci\u00f3n cuando se procesa HTTP Digest Authentication. Los tokens Nonce contienen el valor de byte sin procesar de un puntero que se encuentra dentro de la asignaci\u00f3n de memoria heap. Esta informaci\u00f3n reduce las protecciones de ASLR y puede ayudar a atacantes a aislar \u00e1reas de memoria para apuntar ataques de ejecuci\u00f3n de c\u00f3digo remota."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0",
"versionEndIncluding": "2.7",
"matchCriteriaId": "466DF174-7C87-4D0E-B10D-F3F88014D9F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0",
"versionEndIncluding": "3.5.28",
"matchCriteriaId": "FC9F2659-B37B-4E7B-AE40-B91BF3CE4E88"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0",
"versionEndIncluding": "4.8",
"matchCriteriaId": "A278895E-7005-4F4B-8649-A013F60E33D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable2:*:*:*:*:*:*",
"matchCriteriaId": "EFBB466C-C679-4B4B-87C2-E7853E5B3F04"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*",
"matchCriteriaId": "A03692DD-779F-4E3C-861C-29943870A816"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*",
"matchCriteriaId": "79FF6B3C-A3CE-4AA2-80F9-44D05A6B2F08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable5:*:*:*:*:*:*",
"matchCriteriaId": "3CF6E367-D33B-4B60-8C40-4618C47D53E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable6:*:*:*:*:*:*",
"matchCriteriaId": "0FA1F4FE-629C-4489-A13C-017A824C840F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable7:*:*:*:*:*:*",
"matchCriteriaId": "2479C5BF-94E1-4153-9FA3-333BC00F01D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable8:*:*:*:*:*:*",
"matchCriteriaId": "8ABFCCCC-7584-466E-97CC-6EBD3934A70E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable9:*:*:*:*:*:*",
"matchCriteriaId": "F17E49BF-FB11-4EE6-B6AC-30914F381B2F"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33"
}
]
}
]
}
],
"references": [
{
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_11.txt",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch",
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156324",
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/squid-cache/squid/pull/491",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/",
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/",
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202003-34",
"source": "cve@mitre.org"
},
{
"url": "https://usn.ubuntu.com/4213-1/",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2020/dsa-4682",
"source": "cve@mitre.org"
}
]
}
Reference in New Issue View Git Blame Copy Permalink