CVE-2021-31808

Updated: 2023-11-07 19:32:43.034877

Description:

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x MEDIUM 4
CVSS Version 3.x MEDIUM 6.5

Status

OS name Project name Version Score Severity Status Errata Last updated
CentOS 6 ELS squid 3.1.23 6.5 MEDIUM Ignored 2021-11-02 14:03:19
CentOS 6 ELS squid34 3.4.14 6.5 MEDIUM Ignored 2021-11-02 14:03:19
CentOS 8.4 ELS squid 4.11-4 6.5 MEDIUM Released CLSA-2022:1646060698 2022-02-28 14:41:40
CentOS 8.5 ELS squid 4.15-1 6.5 MEDIUM Not Vulnerable 2022-02-17 12:11:05
CloudLinux 6 ELS squid 3.1.23 6.5 MEDIUM Ignored 2021-11-02 14:03:19
CloudLinux 6 ELS squid34 3.4.14 6.5 MEDIUM Ignored 2021-11-02 14:03:19
Oracle Linux 6 ELS squid 3.1.23 6.5 MEDIUM Ignored 2021-11-02 14:03:19
Oracle Linux 6 ELS squid34 3.4.14 6.5 MEDIUM Ignored 2021-11-02 14:03:19
Ubuntu 16.04 ELS squid 3.5.12-1 6.5 MEDIUM Ignored 2021-11-02 14:03:19
Ubuntu 18.04 ELS squid 3.5.27-1 6.5 MEDIUM Already Fixed 2023-06-22 17:07:10