CVE-2021-28651
squid: denial of service in URN processing
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.
Se detectó un problema en Squid versiones anteriores a 4.15 y versiones 5.x anteriores a 5.0.6. Debido a un bug de administración del búfer, permite una denegación de servicio. Cuando se resuelve una petición con el esquema urn:, el analizador filtra una pequeña cantidad de memoria. Sin embargo, se presenta una metodología de ataque no especificada que puede desencadenar fácilmente una gran cantidad de consumo de memoria
An input validation flaw was found in Squid. This issue could allow a malicious server in collaboration with a trusted client to consume arbitrarily large amounts of memory on the server running Squid. The highest threat from this vulnerability is to system availability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-03-17 CVE Reserved
- 2021-05-26 CVE Published
- 2024-04-04 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-401: Missing Release of Memory after Effective Lifetime
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2023/Oct/14 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2023/10/11/3 | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20210716-0007 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://bugs.squid-cache.org/show_bug.cgi?id=5104 | 2024-08-03 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | >= 2.0 < 4.15 Search vendor "Squid-cache" for product "Squid" and version " >= 2.0 < 4.15" | - |
Affected
| ||||||
| Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | >= 5.0 < 5.0.6 Search vendor "Squid-cache" for product "Squid" and version " >= 5.0 < 5.0.6" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Cloud Manager Search vendor "Netapp" for product "Cloud Manager" | - | - |
Affected
| ||||||