CVE-2021-28651

Updated: 2024-11-22 02:49:00.192485

Description:

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 5
CVSS Version 3.x HIGH 7.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

CentOS 6 ELS squid34 3.4.14 7.5 HIGH Released CLSA-2021:1632262221 2022-05-05 12:38:03
CentOS 6 ELS squid 3.1.23 7.5 HIGH Released CLSA-2022:1650575956 2022-05-05 12:05:19
CentOS 8.4 ELS squid 4.11-4 7.5 HIGH Released CLSA-2022:1646060698 2022-02-28 14:41:40
CentOS 8.5 ELS squid 4.15-1 7.5 HIGH Not Vulnerable 2022-02-17 12:11:05
CloudLinux 6 ELS squid 3.1.23 7.5 HIGH Released 2021-12-09 07:57:08
CloudLinux 6 ELS squid34 3.4.14 7.5 HIGH Released 2021-12-09 07:57:08
CloudLinux 7 ELS squid 3.5.20 7.5 HIGH Released CLSA-2024:1733909428 2024-12-25 23:21:38
Oracle Linux 6 ELS squid 3.1.23 7.5 HIGH Released CLSA-2021:1634925537 2021-12-09 07:57:08
Oracle Linux 6 ELS squid34 3.4.14 7.5 HIGH Released CLSA-2021:1634925634 2021-12-09 07:57:08
Oracle Linux 7 ELS squid 3.5.20 7.5 HIGH Already Fixed 2024-12-10 16:21:56
Total: 12