Updated: 2023-11-07 19:52:26.936301
Description:
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | MEDIUM | 4 |
CVSS Version 3.x | MEDIUM | 4.9 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
CentOS 6 ELS | squid | 3.1.23 | 4.9 | MEDIUM | Ignored | 2022-04-19 00:48:37 | |
CentOS 6 ELS | squid34 | 3.4.14 | 4.9 | MEDIUM | Ignored | 2022-04-19 00:48:37 | |
CentOS 8.4 ELS | squid | 4.11-4 | 4.9 | MEDIUM | Released | CLSA-2022:1646060698 | 2022-04-19 00:48:37 |
CentOS 8.5 ELS | squid | 4.15-1 | 4.9 | MEDIUM | Not Vulnerable | 2022-04-19 00:48:37 | |
CloudLinux 6 ELS | squid | 3.1.23 | 4.9 | MEDIUM | Ignored | 2022-04-19 00:48:37 | |
CloudLinux 6 ELS | squid34 | 3.4.14 | 4.9 | MEDIUM | Ignored | 2022-04-19 00:48:37 | |
Oracle Linux 6 ELS | squid | 3.1.23 | 4.9 | MEDIUM | Ignored | 2022-04-19 00:48:37 | |
Oracle Linux 6 ELS | squid34 | 3.4.14 | 4.9 | MEDIUM | Ignored | 2022-04-19 00:48:37 | |
Ubuntu 16.04 ELS | squid | 3.5.12-1 | 4.9 | MEDIUM | Ignored | 2022-04-19 00:48:37 | |
Ubuntu 18.04 ELS | squid | 3.5.27-1 | 4.9 | MEDIUM | Ignored | 2023-07-31 05:08:25 |