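An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials). Note that "before 5.0.2" is not the only fix boundary: the version ranges listed below record 4.11 as the fixed release on the 4.x line and 5.0.2 on the 5.x line, while the 3.x range (3.0 through 3.5.28) is marked last-affected with no fixed version recorded. The function signatures below place the patched reference-counting code in authDigestNonceLink and authDigestNonceLinks in src/auth/digest/Config.cc.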
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11945.json"
[
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "67694868943562031426867548165551445569",
"length": 100.0
},
"source": "https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811",
"signature_type": "Function",
"id": "CVE-2020-11945-95d03fd5",
"target": {
"file": "src/auth/digest/Config.cc",
"function": "authDigestNonceLinks"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"312035431352774975245205945866455267692",
"127614888837209980977490773844017997328",
"135588185159393913533626977155847267680",
"102454058108144165087047766188167704255"
]
},
"source": "https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811",
"signature_type": "Line",
"id": "CVE-2020-11945-9e904d95",
"target": {
"file": "src/auth/digest/Config.h"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"338161685995787453028451825167785309475",
"140955325328919288341820778626349923389",
"4145077588753404222881979534001723466",
"110561542417632611016072614197889584810",
"129407750181244320020778213567084638291",
"228308081954307758122148219118506646516",
"202661084589309383047478172927329929327",
"124711009615817150745696439295484893323",
"71985290021380143159143221557628222363",
"339350136142636425663541903394561553847",
"288051683732187031973044283287329409022",
"258739234321288731406580467410176032181",
"330863924253968778429986951911762724958",
"211279373868081939640311278532833562852",
"78507472701961014960551386346382340872",
"250004226996742682635911950554513026132",
"84951658753368259976784305259451228665",
"80676065707016793651073899688758426989",
"325457318407040229138974783324638666926",
"100322358462259558893253727923964263608",
"176902589630817361748307934918769115416"
]
},
"source": "https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811",
"signature_type": "Line",
"id": "CVE-2020-11945-cd931e67",
"target": {
"file": "src/auth/digest/Config.cc"
}
},
{
"deprecated": false,
"signature_version": "v1",
"digest": {
"function_hash": "133251268618066714835484527439919811976",
"length": 187.0
},
"source": "https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811",
"signature_type": "Function",
"id": "CVE-2020-11945-dd7cdc93",
"target": {
"file": "src/auth/digest/Config.cc",
"function": "authDigestNonceLink"
}
}
]
[
{
"events": [
{
"introduced": "3.0"
},
{
"last_affected": "3.5.28"
}
]
},
{
"events": [
{
"introduced": "4.0"
},
{
"fixed": "4.11"
}
]
},
{
"events": [
{
"introduced": "5.0"
},
{
"fixed": "5.0.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "10.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "30"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "31"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "19.10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "20.04"
}
]
}
]