CVE-2020-11945

CRITICAL

Squid 3.0-3.5.27 - Integer Overflow in Digest Authentication Nonce Counter

Title source: llm
STIX 2.1

Description

An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).

References (15)

Core 15
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/squid-cache/squid/pull/585
Mailing List, Third Party Advisory x_refsource_confirm
http://www.openwall.com/lists/oss-security/2020/04/23/2
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=1170313
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2020/dsa-4682
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202005-05
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4356-1/
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210304-0004/

Scores

CVSS v3 9.8
EPSS 0.2848
EPSS Percentile 96.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-190
Status published
Products (11)
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 19.10
canonical/ubuntu_linux 20.04
debian/debian_linux 9.0
debian/debian_linux 10.0
fedoraproject/fedora 30
fedoraproject/fedora 31
fedoraproject/fedora 32
opensuse/leap 15.1
... and 1 more
Published Apr 23, 2020
Tracked Since Feb 18, 2026