Vulnerability CVE-2021-28662: Information
Description
An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| squid | sisyphus | 4.15-alt1 | 6.8-alt1 | ALT-PU-2021-2058-1 | 275610 | Fixed |
| squid | p10 | 4.15-alt1 | 6.6-alt1 | ALT-PU-2021-2058-1 | 275610 | Fixed |
| squid | c10f1 | 4.15-alt1 | 6.6-alt1 | ALT-PU-2021-2058-1 | 275610 | Fixed |
| squid | c9f2 | 4.15-alt1 | 4.15-alt1 | ALT-PU-2021-2829-1 | 284978 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| http://www.squid-cache.org/Versions/v6/changesets/squid-6-051824924c709bd6162a378f746fb859454c674e.patch |
|
| https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h |
|
| https://github.com/squid-cache/squid/commit/051824924c709bd6162a378f746fb859454c674e |
|
| DSA-4924 |
|
| [oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days. |
|
| 20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days. |
|
| FEDORA-2021-c0bec55ec7 | |
| FEDORA-2021-24af72ff2c |