Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2021-33620

Published: 28/05/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Subscribe to Squid-cache

Vulnerability Summary

Squid prior to 4.15 and 5.x prior to 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

squid-cache squid

fedoraproject fedora 33

fedoraproject fedora 34

debian debian linux 9.0

Vendor Advisories

Amazon Linux AMI: ALAS-2023-1687
An issue was discovered in Squid before 415 and 5x before 506 Due to a buffer-management bug, it allows a denial of service When resolving a request with the urn: scheme, the parser leaks a small amount of memory However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption (CVE-2021-28651) ...
Amazon Linux 2: ALAS2-2023-1950
An issue was discovered in Squid before 415 and 5x before 506 Due to a buffer-management bug, it allows a denial of service When resolving a request with the urn: scheme, the parser leaks a small amount of memory However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption (CVE-2021-28651) ...
Amazon Linux 2: ALASSQUID4-2023-004
Squid through 414 and 5x through 505, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data This can be leveraged as part of a chain for remote code execution as nobody (CVE-2021-28116) An issue was discovered in Squid before 415 and 5x before 506 Due to a buffer-management bug, it a ...
Red Hat: CVE-2021-33620
An input validation flaw was found in Squid This issue could allow a remote server to perform a denial of service against all clients using the proxy when delivering HTTP response messages The highest threat from this vulnerability is to system availability ...

References

CWE-20https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7fhttp://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c.patchhttp://www.squid-cache.org/Versions/v5/changesets/squid-5-8af775ed98bfd610f9ce762fe177e01b2675588c.patchhttps://lists.debian.org/debian-lts-announce/2021/06/msg00014.htmlhttp://www.openwall.com/lists/oss-security/2023/10/11/3http://seclists.org/fulldisclosure/2023/Oct/14https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/https://nvd.nist.govhttps://alas.aws.amazon.com/ALAS-2023-1687.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionSSRFbuffer overflowCVE-2023-28952CVE-2023-41822CVE-2024-27956CVE-2023-7028CVE-2024-34447CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook