CVE-2021-31806
squid: improper input validation in HTTP Range header
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.
Se detectó un problema en Squid versiones anteriores a 4.15 y versiones 5.x anteriores a 5.0.6. Debido a un bug de administración de la memoria, es vulnerable a un ataque de Denegación de Servicio (contra todos los clientes que usan el proxy) por medio del procesamiento de peticiones HTTP Range
An incorrect input validation flaw was found in Squid, where it is vulnerable to a denial of service attack against all clients using the proxy. The highest threat from this vulnerability is to system availability.
The range handler in The Squid Caching Proxy Server 3.0-4.1.4 and 5.0.1-5.0.5 suffers from multiple vulnerabilities triggered by specific HTTP requests and responses. These vulnerabilities allow remote attackers to cause a denial of service through specifically crafted requests.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-04-26 CVE Reserved
- 2021-05-26 CVE Published
- 2024-05-30 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-116: Improper Encoding or Escaping of Output
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2023/Oct/14 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2023/10/11/3 | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20210716-0007 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | < 4.15 Search vendor "Squid-cache" for product "Squid" and version " < 4.15" | - |
Affected
| ||||||
| Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | >= 5.0 < 5.0.6 Search vendor "Squid-cache" for product "Squid" and version " >= 5.0 < 5.0.6" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Cloud Manager Search vendor "Netapp" for product "Cloud Manager" | - | - |
Affected
| ||||||