// For flags

CVE-2021-31807

squid: incorrect memory management in HTTP Range header

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.

Se ha detectado un problema en Squid versiones anteriores a 4.15 y en versiones 5.x anteriores a 5.0.6. Un problema de desbordamiento de enteros permite a un servidor remoto conseguir una Denegación de Servicio cuando se entrega respuestas a peticiones de rango HTTP. El desencadenante del problema es un encabezado que puede esperarse que se presente en el tráfico HTTP sin ninguna intención maliciosa

An incorrect memory management flaw was found in Squid, where it is vulnerable to a denial of service attack against all clients using the proxy. The highest threat from this vulnerability is to system availability.

The range handler in The Squid Caching Proxy Server 3.0-4.1.4 and 5.0.1-5.0.5 suffers from multiple vulnerabilities triggered by specific HTTP requests and responses. These vulnerabilities allow remote attackers to cause a denial of service through specifically crafted requests.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-04-26 CVE Reserved
  • 2021-05-26 CVE Published
  • 2024-02-09 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-190: Integer Overflow or Wraparound
  • CWE-400: Uncontrolled Resource Consumption
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Squid-cache
Search vendor "Squid-cache"
Squid
Search vendor "Squid-cache" for product "Squid"
>= 3.0 < 4.15
Search vendor "Squid-cache" for product "Squid" and version " >= 3.0 < 4.15"
-
Affected
Squid-cache
Search vendor "Squid-cache"
Squid
Search vendor "Squid-cache" for product "Squid"
>= 5.0 < 5.0.6
Search vendor "Squid-cache" for product "Squid" and version " >= 5.0 < 5.0.6"
-
Affected
Squid-cache
Search vendor "Squid-cache"
Squid
Search vendor "Squid-cache" for product "Squid"
2.5.stable2
Search vendor "Squid-cache" for product "Squid" and version "2.5.stable2"
-
Affected
Squid-cache
Search vendor "Squid-cache"
Squid
Search vendor "Squid-cache" for product "Squid"
2.5.stable3
Search vendor "Squid-cache" for product "Squid" and version "2.5.stable3"
-
Affected
Squid-cache
Search vendor "Squid-cache"
Squid
Search vendor "Squid-cache" for product "Squid"
2.5.stable4
Search vendor "Squid-cache" for product "Squid" and version "2.5.stable4"
-
Affected
Squid-cache
Search vendor "Squid-cache"
Squid
Search vendor "Squid-cache" for product "Squid"
2.5.stable5
Search vendor "Squid-cache" for product "Squid" and version "2.5.stable5"
-
Affected
Squid-cache
Search vendor "Squid-cache"
Squid
Search vendor "Squid-cache" for product "Squid"
2.5.stable6
Search vendor "Squid-cache" for product "Squid" and version "2.5.stable6"
-
Affected
Squid-cache
Search vendor "Squid-cache"
Squid
Search vendor "Squid-cache" for product "Squid"
2.5.stable7
Search vendor "Squid-cache" for product "Squid" and version "2.5.stable7"
-
Affected
Squid-cache
Search vendor "Squid-cache"
Squid
Search vendor "Squid-cache" for product "Squid"
2.5.stable8
Search vendor "Squid-cache" for product "Squid" and version "2.5.stable8"
-
Affected
Squid-cache
Search vendor "Squid-cache"
Squid
Search vendor "Squid-cache" for product "Squid"
2.5.stable9
Search vendor "Squid-cache" for product "Squid" and version "2.5.stable9"
-
Affected
Squid-cache
Search vendor "Squid-cache"
Squid
Search vendor "Squid-cache" for product "Squid"
2.5.stable10
Search vendor "Squid-cache" for product "Squid" and version "2.5.stable10"
-
Affected
Squid-cache
Search vendor "Squid-cache"
Squid
Search vendor "Squid-cache" for product "Squid"
2.5.stable11
Search vendor "Squid-cache" for product "Squid" and version "2.5.stable11"
-
Affected
Squid-cache
Search vendor "Squid-cache"
Squid
Search vendor "Squid-cache" for product "Squid"
2.5.stable12
Search vendor "Squid-cache" for product "Squid" and version "2.5.stable12"
-
Affected
Squid-cache
Search vendor "Squid-cache"
Squid
Search vendor "Squid-cache" for product "Squid"
2.5.stable13
Search vendor "Squid-cache" for product "Squid" and version "2.5.stable13"
-
Affected
Squid-cache
Search vendor "Squid-cache"
Squid
Search vendor "Squid-cache" for product "Squid"
2.5.stable14
Search vendor "Squid-cache" for product "Squid" and version "2.5.stable14"
-
Affected
Squid-cache
Search vendor "Squid-cache"
Squid
Search vendor "Squid-cache" for product "Squid"
2.6
Search vendor "Squid-cache" for product "Squid" and version "2.6"
-
Affected
Squid-cache
Search vendor "Squid-cache"
Squid
Search vendor "Squid-cache" for product "Squid"
2.7
Search vendor "Squid-cache" for product "Squid" and version "2.7"
-
Affected
Squid-cache
Search vendor "Squid-cache"
Squid
Search vendor "Squid-cache" for product "Squid"
2.7
Search vendor "Squid-cache" for product "Squid" and version "2.7"
stable2
Affected
Squid-cache
Search vendor "Squid-cache"
Squid
Search vendor "Squid-cache" for product "Squid"
2.7
Search vendor "Squid-cache" for product "Squid" and version "2.7"
stable3
Affected
Squid-cache
Search vendor "Squid-cache"
Squid
Search vendor "Squid-cache" for product "Squid"
2.7
Search vendor "Squid-cache" for product "Squid" and version "2.7"
stable4
Affected
Squid-cache
Search vendor "Squid-cache"
Squid
Search vendor "Squid-cache" for product "Squid"
2.7
Search vendor "Squid-cache" for product "Squid" and version "2.7"
stable5
Affected
Squid-cache
Search vendor "Squid-cache"
Squid
Search vendor "Squid-cache" for product "Squid"
2.7
Search vendor "Squid-cache" for product "Squid" and version "2.7"
stable6
Affected
Squid-cache
Search vendor "Squid-cache"
Squid
Search vendor "Squid-cache" for product "Squid"
2.7
Search vendor "Squid-cache" for product "Squid" and version "2.7"
stable7
Affected
Squid-cache
Search vendor "Squid-cache"
Squid
Search vendor "Squid-cache" for product "Squid"
2.7
Search vendor "Squid-cache" for product "Squid" and version "2.7"
stable8
Affected
Squid-cache
Search vendor "Squid-cache"
Squid
Search vendor "Squid-cache" for product "Squid"
2.7
Search vendor "Squid-cache" for product "Squid" and version "2.7"
stable9
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
33
Search vendor "Fedoraproject" for product "Fedora" and version "33"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
34
Search vendor "Fedoraproject" for product "Fedora" and version "34"
-
Affected
Netapp
Search vendor "Netapp"
Cloud Manager
Search vendor "Netapp" for product "Cloud Manager"
--
Affected