
Debian: DLA-2685-1 Moderate: Squid3 Denial Of Service Exploit

Debian LTS
June 14, 2021
Discover recent Squid security patches that tackle various denial of service issues, along with instructions for implementing these updates on Debian LTS systems.
Several vulnerabilities were discovered in Squid, a proxy caching server.

Summary

CVE-2021-28651

Due to a buffer-management bug, it allows a denial of service.
When resolving a request with the urn: scheme, the parser leaks a
small amount of memory. However, there is an unspecified attack
methodology that can easily trigger a large amount of memory
consumption.

CVE-2021-28652

Due to incorrect parser validation, it allows a Denial of Service
attack against the Cache Manager API. This allows a trusted client
to trigger memory leaks that, over time, lead to a Denial of
Service via an unspecified short query string. This attack is
limited to clients with Cache Manager API access privilege.

CVE-2021-31806

Due to a memory-management bug, it is vulnerable to a Denial of
Service attack (against all clients using the proxy) via HTTP
Range request processing.

CVE-2021-31807

An integer overflow problem allows a remote server to achieve
Denial of Service when delivering responses to HTTP Range



Package: squid3
Version: 3.5.23-5+deb9u7
CVE ID: CVE-2021-28651 CVE-2021-28652 CVE-2021-31806 CVE-2021-31807
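
To find hosts that still need this update, the following added example (not part of the advisory) compares installed squid3 versions from an inventory export against the version listed above, treating that version as the fixed one. It reimplements dpkg's version ordering so it can run on a non-Debian analysis host; the host names and inventory are constructed, and on a Debian system itself `dpkg --compare-versions` performs the same comparison.

```python
import re

FIXED = "3.5.23-5+deb9u7"  # squid3 version listed in the advisory

def _order(c):
    # dpkg weights: '~' sorts before end-of-string, letters before other symbols
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream or revision strings the way dpkg does."""
    while a or b:
        # Non-digit run: compare character by character, end/digit weighs 0
        na, a = re.match(r"(\D*)(.*)", a).groups()
        nb, b = re.match(r"(\D*)(.*)", b).groups()
        for k in range(max(len(na), len(nb))):
            ac = _order(na[k]) if k < len(na) else 0
            bc = _order(nb[k]) if k < len(nb) else 0
            if ac != bc:
                return -1 if ac < bc else 1
        # Digit run: compare numerically (so u10 > u7, unlike a string compare)
        da, a = re.match(r"(\d*)(.*)", a).groups()
        db, b = re.match(r"(\d*)(.*)", b).groups()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def _parse(v):
    # [epoch:]upstream[-revision]; the revision follows the last hyphen
    v = v.strip()
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, rev

def deb_cmp(a, b):
    ea, ua, ra = _parse(a)
    eb, ub, rb = _parse(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def needs_update(installed, fixed=FIXED):
    return deb_cmp(installed, fixed) < 0

# Constructed inventory: host name -> installed squid3 version
INVENTORY = {"proxy-a": "3.5.23-5+deb9u6", "proxy-b": "3.5.23-5+deb9u7",
             "proxy-c": "3.5.23-5+deb9u10", "proxy-d": "3.5.23-5"}

def vulnerable_hosts(inventory=INVENTORY):
    return sorted(h for h, v in inventory.items() if needs_update(v))
```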
