CVE-2021-28116
squid: out-of-bounds read in WCCP protocol data may lead to information disclosure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.
Squid versiones hasta 4.14 y 5.xa 5.0.5, en algunas configuraciones, permite la divulgación de información debido a una lectura fuera de límites en los datos del protocolo WCCP. Esto puede ser aprovechado como parte de una cadena para la ejecución remota de código como nobody
A flaw was found in squid. An out-of-bounds read in the WCCP protocol can be leveraged as part of a chain for remote code execution leading to an information disclosure. The highest threat from this vulnerability is to data confidentiality.
An update that fixes one vulnerability is now available. This update for squid fixes the following issues. Fixed a out-of-bounds read in the WCCP protocol. This update was imported from the SUSE:SLE-15:Update update project.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-03-09 CVE Reserved
- 2021-03-09 CVE Published
- 2024-08-03 CVE Updated
- 2025-07-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2021/10/04/1 | Mailing List |
|
| https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82 | Broken Link | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-157 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | <= 4.14 Search vendor "Squid-cache" for product "Squid" and version " <= 4.14" | - |
Affected
| ||||||
| Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | >= 5.0 <= 5.0.5 Search vendor "Squid-cache" for product "Squid" and version " >= 5.0 <= 5.0.5" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
| ||||||