CVE-2021-28652

Updated: 2023-11-07 19:52:26.936301

Description:

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 4
CVSS Version 3.x MEDIUM 4.9

Status

OS name Project name Version Score Severity Status Errata Last updated
CentOS 6 ELS squid 3.1.23 4.9 MEDIUM Ignored 2022-04-19 00:48:37
CentOS 6 ELS squid34 3.4.14 4.9 MEDIUM Ignored 2022-04-19 00:48:37
CentOS 8.4 ELS squid 4.11-4 4.9 MEDIUM Released CLSA-2022:1646060698 2022-04-19 00:48:37
CentOS 8.5 ELS squid 4.15-1 4.9 MEDIUM Not Vulnerable 2022-04-19 00:48:37
CloudLinux 6 ELS squid 3.1.23 4.9 MEDIUM Ignored 2022-04-19 00:48:37
CloudLinux 6 ELS squid34 3.4.14 4.9 MEDIUM Ignored 2022-04-19 00:48:37
Oracle Linux 6 ELS squid 3.1.23 4.9 MEDIUM Ignored 2022-04-19 00:48:37
Oracle Linux 6 ELS squid34 3.4.14 4.9 MEDIUM Ignored 2022-04-19 00:48:37
Ubuntu 16.04 ELS squid 3.5.12-1 4.9 MEDIUM Ignored 2022-04-19 00:48:37
Ubuntu 18.04 ELS squid 3.5.27-1 4.9 MEDIUM Ignored 2023-07-31 05:08:25