A vulnerability has been discovered in Squid, a popular caching and forwarding proxy server, that allows a remote attacker to cause a denial of service by performing a buffer overflow attack. The vulnerability, identified as CVE-2023-46847, occurs when Squid is configured to accept HTTP Digest Authentication.

Exploit Details

The vulnerability arises from the improper handling of the "Digest authenticate" header in Squid versions prior to 5.2 when HTTP Digest Authentication is enabled. A remote attacker can exploit this by sending a specially crafted HTTP request containing up to 2 MB of arbitrary data. This payload overflows the buffer and results in heap corruption, ultimately leading to a denial of service condition.
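A length check of the kind whose absence produces this class of overflow, written here as an added example; it is not Squid's code or its patch. The page does not name the header field involved, so the example assumes the `nc` (nonce count) parameter, which RFC 7616 defines as exactly 8 hex digits; `digest_req`, `find_param` and `parse_nc` are hypothetical names.

```c
#include <ctype.h>
#include <string.h>

#define NC_LEN 8 /* RFC 7616: nc is exactly 8 hex digits (assumed field) */

/* Hypothetical request record for this example; not Squid's own type. */
struct digest_req { char nc[NC_LEN + 1]; };

/* Locate parameter `name` in a Digest header value, stepping over quoted
 * strings so text such as uri="/?nc=1" is not mistaken for the parameter. */
static int find_param(const char *h, const char *name,
                      const char **val, size_t *len)
{
    size_t nlen = strlen(name);
    while (*h) {
        while (*h == ' ' || *h == '\t' || *h == ',') h++;
        const char *key = h;
        while (*h && *h != '=' && *h != ',' && *h != ' ') h++;
        size_t klen = (size_t)(h - key);
        if (*h != '=') continue;          /* scheme name or bare token */
        const char *v = ++h;
        if (*h == '"') {                  /* quoted-string value */
            v = ++h;
            while (*h && *h != '"') h += (*h == '\\' && h[1]) ? 2 : 1;
        } else {                          /* token value */
            while (*h && *h != ',' && *h != ' ') h++;
        }
        if (klen == nlen && memcmp(key, name, nlen) == 0) {
            *val = v;
            *len = (size_t)(h - v);
            return 0;
        }
        if (*h == '"') h++;               /* step past the closing quote */
    }
    return -1;
}

/* Copy nc into the fixed buffer only after its length and alphabet have
 * been validated. Returns 0 on success, -1 if the request is rejected. */
int parse_nc(const char *header, struct digest_req *out)
{
    const char *v; size_t n;
    if (find_param(header, "nc", &v, &n) != 0 || n != NC_LEN) return -1;
    for (size_t i = 0; i < n; i++)
        if (!isxdigit((unsigned char)v[i])) return -1;
    memcpy(out->nc, v, n);                /* n == NC_LEN is guaranteed here */
    out->nc[n] = '\0';
    return 0;
}
```

The copy length is never taken from the request: a value of any other size is rejected before `memcpy` runs, so the destination cannot be overrun regardless of how large the header is.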

The following code snippet demonstrates the vulnerable part of Squid:

```c
// Source: src/auth/digest/UserRequest.cc
int
Auth::Digest::UserRequest::authenticated()
{
    /* Check the nonce */
    if (!nonce->isValid()) {
        updateError(ERR_INVALID_REQ,
                    "Invalid response digest=" + authenticateDigestNonceLastRequest(nonce));
        // ... OMITTED

    /* Calculate the digest ourselves */
    if (authenticateDigestNonceHLast(nonce)) {
```

Timeline

Published on: 11/03/2023 08:15:08 UTC
Last modified on: 11/20/2023 16:15:08 UTC