{"api_version":"1","generated_at":"2026-04-23T02:18:32+00:00","cve":"CVE-2020-11945","urls":{"html":"https://cve.report/CVE-2020-11945","api":"https://cve.report/api/cve/CVE-2020-11945.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-11945","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-11945"},"summary":{"title":"CVE-2020-11945","description":"An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2020-04-23 15:15:00","updated_at":"2023-11-07 03:15:00"},"problem_types":["CWE-190"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4MWXEZAJSOGRJSS2JCJK4WBSND4IV46/","name":"FEDORA-2020-56e809930e","refsource":"","tags":[],"title":"[SECURITY] Fedora 32 Update: squid-4.11-1.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/squid-cache/squid/pull/585","name":"https://github.com/squid-cache/squid/pull/585","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"Fix auth digest refcount integer overflow by desbma-s1n · Pull Request #585 · squid-cache/squid · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RV2VZWFJNO3B56IVN56HHKJASG5DYUIX/","name":"FEDORA-2020-a6a921a591","refsource":"FEDORA","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] Fedora 30 Update: squid-4.11-1.fc30 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html","name":"[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update","refsource":"MLIST","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] [DLA 2278-1] squid3 security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2020/04/23/2","name":"http://www.openwall.com/lists/oss-security/2020/04/23/2","refsource":"CONFIRM","tags":["Mailing List","Third Party Advisory"],"title":"oss-security - [ADVISORY] SQUID-2020:4 Multiple issues in HTTP Digest authentication","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1170313","name":"https://bugzilla.suse.com/show_bug.cgi?id=1170313","refsource":"CONFIRM","tags":["Issue Tracking","Third Party Advisory"],"title":"Bug 1170313 – VUL-0: CVE-2020-11945: squid: integer overflow bug allows credential replay and remote code execution attacks against HTTP Digest Authentication tokens","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4MWXEZAJSOGRJSS2JCJK4WBSND4IV46/","name":"FEDORA-2020-56e809930e","refsource":"FEDORA","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] Fedora 32 Update: squid-4.11-1.fc32 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811","name":"https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"Fix auth digest refcount integer overflow (#585) · squid-cache/squid@eeebf0f · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html","name":"openSUSE-SU-2020:0623","refsource":"SUSE","tags":["Mailing List","Third Party Advisory"],"title":"[security-announce] openSUSE-SU-2020:0623-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RV2VZWFJNO3B56IVN56HHKJASG5DYUIX/","name":"FEDORA-2020-a6a921a591","refsource":"","tags":[],"title":"[SECURITY] Fedora 30 Update: squid-4.11-1.fc30 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202005-05","name":"GLSA-202005-05","refsource":"GENTOO","tags":["Third Party Advisory"],"title":"Squid: Multiple vulnerabilities (GLSA 202005-05) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20210304-0004/","name":"https://security.netapp.com/advisory/ntap-20210304-0004/","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"CVE-2020-11945 Squid Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch","name":"http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch","refsource":"MISC","tags":["Patch","Vendor Advisory"],"title":"","mime":"text/x-diff","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2020/dsa-4682","name":"DSA-4682","refsource":"DEBIAN","tags":["Third Party Advisory"],"title":"Debian -- Security Information -- DSA-4682-1 squid","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4FWQRYZJPHAZBLXJ56FPCHJN5X2FP3VA/","name":"FEDORA-2020-848065cc4c","refsource":"FEDORA","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] Fedora 31 Update: squid-4.11-1.fc31 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FWQRYZJPHAZBLXJ56FPCHJN5X2FP3VA/","name":"FEDORA-2020-848065cc4c","refsource":"","tags":[],"title":"[SECURITY] Fedora 31 Update: squid-4.11-1.fc31 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch","name":"http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch","refsource":"MISC","tags":["Vendor Advisory"],"title":"","mime":"text/x-diff","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4356-1/","name":"USN-4356-1","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-4356-1: Squid vulnerabilities | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-11945","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11945","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"11945","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"11945","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"11945","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"19.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"11945","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"20.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"11945","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"11945","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"11945","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"30","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"11945","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"31","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"11945","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"32","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"11945","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"leap","cpe6":"15.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"11945","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"squid-cache","cpe5":"squid","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"11945","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"squid-cache","cpe5":"squid","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"11945","vulnerable":"1","versionEndIncluding":"3.5.28","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"squid-cache","cpe5":"squid","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"11945","vulnerable":"1","versionEndIncluding":"4.10","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"squid-cache","cpe5":"squid","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-11945","qid":"296074","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 22.69.4 Missing (CPUAPR2020)"},{"cve":"CVE-2020-11945","qid":"356292","title":"Amazon Linux Security Advisory for squid : ALASSQUID4-2023-008"},{"cve":"CVE-2020-11945","qid":"377033","title":"Alibaba Cloud Linux Security Update for squid (ALINUX2-SA-2020:0092)"},{"cve":"CVE-2020-11945","qid":"377360","title":"Alibaba Cloud Linux Security Update for squid:4 (ALINUX3-SA-2022:0124)"},{"cve":"CVE-2020-11945","qid":"940334","title":"AlmaLinux Security Update for squid:4 (ALSA-2020:2041)"},{"cve":"CVE-2020-11945","qid":"960236","title":"Rocky Linux Security Update for squid:4 (RLSA-2020:2041)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2020-11945","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials)."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch","refsource":"MISC","name":"http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch"},{"url":"http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch","refsource":"MISC","name":"http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch"},{"url":"https://github.com/squid-cache/squid/pull/585","refsource":"MISC","name":"https://github.com/squid-cache/squid/pull/585"},{"url":"https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811","refsource":"MISC","name":"https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811"},{"refsource":"CONFIRM","name":"http://www.openwall.com/lists/oss-security/2020/04/23/2","url":"http://www.openwall.com/lists/oss-security/2020/04/23/2"},{"refsource":"CONFIRM","name":"https://bugzilla.suse.com/show_bug.cgi?id=1170313","url":"https://bugzilla.suse.com/show_bug.cgi?id=1170313"},{"refsource":"DEBIAN","name":"DSA-4682","url":"https://www.debian.org/security/2020/dsa-4682"},{"refsource":"SUSE","name":"openSUSE-SU-2020:0623","url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"},{"refsource":"GENTOO","name":"GLSA-202005-05","url":"https://security.gentoo.org/glsa/202005-05"},{"refsource":"FEDORA","name":"FEDORA-2020-848065cc4c","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4FWQRYZJPHAZBLXJ56FPCHJN5X2FP3VA/"},{"refsource":"FEDORA","name":"FEDORA-2020-a6a921a591","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RV2VZWFJNO3B56IVN56HHKJASG5DYUIX/"},{"refsource":"FEDORA","name":"FEDORA-2020-56e809930e","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4MWXEZAJSOGRJSS2JCJK4WBSND4IV46/"},{"refsource":"UBUNTU","name":"USN-4356-1","url":"https://usn.ubuntu.com/4356-1/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update","url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20210304-0004/","url":"https://security.netapp.com/advisory/ntap-20210304-0004/"}]}},"nvd":{"publishedDate":"2020-04-23 15:15:00","lastModifiedDate":"2023-11-07 03:15:00","problem_types":["CWE-190"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndIncluding":"3.5.28","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.0.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"4.11","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"11945","Ordinal":"173083","Title":"CVE-2020-11945","CVE":"CVE-2020-11945","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"11945","Ordinal":"1","NoteData":"An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).","Type":"Description","Title":null},{"CveYear":"2020","CveId":"11945","Ordinal":"2","NoteData":"2020-04-23","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"11945","Ordinal":"3","NoteData":"2021-03-04","Type":"Other","Title":"Modified"}]}}}