CVE-2020-11945: Integer Overflow
First published: Thu Apr 23 2020(Updated: )
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Squid-Cache Squid | >=3.0<=3.5.28 | |
| Squid-Cache Squid | >=4.0<4.11 | |
| Squid-Cache Squid | >=5.0<5.0.2 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| openSUSE Leap | =15.1 | |
| Fedoraproject Fedora | =30 | |
| Fedoraproject Fedora | =31 | |
| Fedoraproject Fedora | =32 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =19.10 | |
| Canonical Ubuntu Linux | =20.04 | |
| ubuntu/squid | <4.10-1ubuntu1.1 | 4.10-1ubuntu1.1 |
| ubuntu/squid | <4.10-1ubuntu2 | 4.10-1ubuntu2 |
| ubuntu/squid | <4.8-1ubuntu2.3 | 4.8-1ubuntu2.3 |
| ubuntu/squid | <4.10-1ubuntu2 | 4.10-1ubuntu2 |
| ubuntu/squid | <4.11 | 4.11 |
| ubuntu/squid3 | <3.5.27-1ubuntu1.6 | 3.5.27-1ubuntu1.6 |
| ubuntu/squid3 | <3.5.12-1ubuntu7.11 | 3.5.12-1ubuntu7.11 |
| debian/squid | 4.6-1+deb10u7 4.6-1+deb10u10 4.13-10+deb11u2 4.13-10+deb11u3 5.7-2 5.7-2+deb12u1 6.6-1 6.9-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html
- http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch
- http://www.openwall.com/lists/oss-security/2020/04/23/2
- http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch
- https://bugzilla.suse.com/show_bug.cgi?id=1170313
- https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811
- https://github.com/squid-cache/squid/pull/585
- https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4FWQRYZJPHAZBLXJ56FPCHJN5X2FP3VA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4MWXEZAJSOGRJSS2JCJK4WBSND4IV46/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RV2VZWFJNO3B56IVN56HHKJASG5DYUIX/
- https://security.gentoo.org/glsa/202005-05
- https://security.netapp.com/advisory/ntap-20210304-0004/
- https://usn.ubuntu.com/4356-1/
- https://www.debian.org/security/2020/dsa-4682
- https://launchpad.net/bugs/cve/CVE-2020-11945
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FWQRYZJPHAZBLXJ56FPCHJN5X2FP3VA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4MWXEZAJSOGRJSS2JCJK4WBSND4IV46/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RV2VZWFJNO3B56IVN56HHKJASG5DYUIX/
- http://www.squid-cache.org/Advisories/SQUID-2020_4.txt
- https://security-tracker.debian.org/tracker/CVE-2020-11945
- https://ubuntu.com/security/notices/USN-4356-1
- https://www.cve.org/CVERecord?id=CVE-2020-11945
- https://nvd.nist.gov/vuln/detail/CVE-2020-11945
- https://ubuntu.com/security/CVE-2020-11945
Frequently Asked Questions
What is CVE-2020-11945?
CVE-2020-11945 is a vulnerability discovered in Squid versions before 5.0.2 that allows a remote attacker to gain unauthorized access to resources by replaying a sniffed Digest Authentication nonce.
What is the severity of CVE-2020-11945?
CVE-2020-11945 has a severity level of critical with a CVSS score of 9.8.
How can an attacker exploit CVE-2020-11945?
An attacker can exploit CVE-2020-11945 by overflowing the nonce reference counter, potentially leading to remote code execution.
Which versions of Squid are affected by CVE-2020-11945?
Squid versions before 5.0.2 are affected by CVE-2020-11945.
How can I fix CVE-2020-11945?
To fix CVE-2020-11945, you should update Squid to version 5.0.2 or later.
- collector/nvd-index
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/references
- agent/remedy
- agent/weakness
- agent/severity
- agent/tags
- agent/event
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/description
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- vendor/squid-cache
- canonical/squid-cache squid
- version/squid-cache squid/3.0
- version/squid-cache squid/3.5.28
- version/squid-cache squid/4.0
- version/squid-cache squid/5.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/30
- version/fedoraproject fedora/31
- version/fedoraproject fedora/32
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/19.10
- version/canonical ubuntu linux/20.04
- package-manager/debian
- package-manager/ubuntu