Main Vulnerability Database SB2020050737

SB2020050737 - Fedora 31 update for squid

Published: May 7, 2020 Updated: April 25, 2025

Security Bulletin ID SB2020050737

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Integer overflow (CVE-ID: CVE-2020-11945)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow when processing HTTP Digest Authentication tokens, if memory pooling is disabled. A remote attacker can pass a specially crafted authentication nonce and execute arbitrary code on the server through the free'd nonce credentials.

In case memory pooling is enabled, a remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2020-848065cc4c