CVE-2021-28652

Published: 27/05/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 4.9 | Impact Score: 3.6 | Exploitability Score: 1.2
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Summary

An issue exists in Squid prior to 4.15 and 5.x prior to 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that, over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege.

Vulnerable Product

squid-cache squid

debian debian linux 9.0

debian debian linux 10.0

fedoraproject fedora 33

fedoraproject fedora 34

Vendor Advisories

Debian Bug report logs - #988892 squid: CVE-2021-28652 Package: src:squid; Maintainer for src:squid is Luigi Gangitano <luigi@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 20 May 2021 19:24:01 UTC Severity: important Tags: security, upstream Found in versions squid/4.6-1+deb10u5, squi ...
Multiple denial of service vulnerabilities were discovered in the Squid proxy caching server. For the stable distribution (buster), these problems have been fixed in version 4.6-1+deb10u6. We recommend that you upgrade your squid packages. For the detailed security status of squid please refer to its security tracker page at: security-track ...
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption (CVE-2021-28651) ...
Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody (CVE-2021-28116). An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it a ...
A flaw was found in Squid. A parser validation bug could allow a trusted client with Cache Manager API access privileges to trigger memory leaks, potentially resulting in a denial of service against Squid. The highest threat from this vulnerability is to system availability ...
Severity Unknown Remote Unknown Type Unknown Description AVG-1949 squid 4.14-1 Unknown Vulnerable ...