CVE-2021-31807
squid: incorrect memory management in HTTP Range header
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.
Se ha detectado un problema en Squid versiones anteriores a 4.15 y en versiones 5.x anteriores a 5.0.6. Un problema de desbordamiento de enteros permite a un servidor remoto conseguir una Denegación de Servicio cuando se entrega respuestas a peticiones de rango HTTP. El desencadenante del problema es un encabezado que puede esperarse que se presente en el tráfico HTTP sin ninguna intención maliciosa
An incorrect memory management flaw was found in Squid, where it is vulnerable to a denial of service attack against all clients using the proxy. The highest threat from this vulnerability is to system availability.
The range handler in The Squid Caching Proxy Server 3.0-4.1.4 and 5.0.1-5.0.5 suffers from multiple vulnerabilities triggered by specific HTTP requests and responses. These vulnerabilities allow remote attackers to cause a denial of service through specifically crafted requests.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-04-26 CVE Reserved
- 2021-05-26 CVE Published
- 2024-02-09 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-190: Integer Overflow or Wraparound
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (10)
URL | Tag | Source |
---|---|---|
http://seclists.org/fulldisclosure/2023/Oct/14 | Mailing List | |
http://www.openwall.com/lists/oss-security/2023/10/11/3 | Mailing List | |
https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf | Third Party Advisory | |
https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html | Mailing List | |
https://security.netapp.com/advisory/ntap-20210716-0007 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | >= 3.0 < 4.15 Search vendor "Squid-cache" for product "Squid" and version " >= 3.0 < 4.15" | - |
Affected
| ||||||
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | >= 5.0 < 5.0.6 Search vendor "Squid-cache" for product "Squid" and version " >= 5.0 < 5.0.6" | - |
Affected
| ||||||
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.5.stable2 Search vendor "Squid-cache" for product "Squid" and version "2.5.stable2" | - |
Affected
| ||||||
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.5.stable3 Search vendor "Squid-cache" for product "Squid" and version "2.5.stable3" | - |
Affected
| ||||||
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.5.stable4 Search vendor "Squid-cache" for product "Squid" and version "2.5.stable4" | - |
Affected
| ||||||
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.5.stable5 Search vendor "Squid-cache" for product "Squid" and version "2.5.stable5" | - |
Affected
| ||||||
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.5.stable6 Search vendor "Squid-cache" for product "Squid" and version "2.5.stable6" | - |
Affected
| ||||||
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.5.stable7 Search vendor "Squid-cache" for product "Squid" and version "2.5.stable7" | - |
Affected
| ||||||
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.5.stable8 Search vendor "Squid-cache" for product "Squid" and version "2.5.stable8" | - |
Affected
| ||||||
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.5.stable9 Search vendor "Squid-cache" for product "Squid" and version "2.5.stable9" | - |
Affected
| ||||||
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.5.stable10 Search vendor "Squid-cache" for product "Squid" and version "2.5.stable10" | - |
Affected
| ||||||
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.5.stable11 Search vendor "Squid-cache" for product "Squid" and version "2.5.stable11" | - |
Affected
| ||||||
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.5.stable12 Search vendor "Squid-cache" for product "Squid" and version "2.5.stable12" | - |
Affected
| ||||||
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.5.stable13 Search vendor "Squid-cache" for product "Squid" and version "2.5.stable13" | - |
Affected
| ||||||
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.5.stable14 Search vendor "Squid-cache" for product "Squid" and version "2.5.stable14" | - |
Affected
| ||||||
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.6 Search vendor "Squid-cache" for product "Squid" and version "2.6" | - |
Affected
| ||||||
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.7 Search vendor "Squid-cache" for product "Squid" and version "2.7" | - |
Affected
| ||||||
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.7 Search vendor "Squid-cache" for product "Squid" and version "2.7" | stable2 |
Affected
| ||||||
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.7 Search vendor "Squid-cache" for product "Squid" and version "2.7" | stable3 |
Affected
| ||||||
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.7 Search vendor "Squid-cache" for product "Squid" and version "2.7" | stable4 |
Affected
| ||||||
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.7 Search vendor "Squid-cache" for product "Squid" and version "2.7" | stable5 |
Affected
| ||||||
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.7 Search vendor "Squid-cache" for product "Squid" and version "2.7" | stable6 |
Affected
| ||||||
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.7 Search vendor "Squid-cache" for product "Squid" and version "2.7" | stable7 |
Affected
| ||||||
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.7 Search vendor "Squid-cache" for product "Squid" and version "2.7" | stable8 |
Affected
| ||||||
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.7 Search vendor "Squid-cache" for product "Squid" and version "2.7" | stable9 |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Cloud Manager Search vendor "Netapp" for product "Cloud Manager" | - | - |
Affected
|