Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2021-28652

Опубликовано: 27 мая 2021
Источник: debian
EPSS Низкий

Описание

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
squidfixed4.13-10package
squid3removedpackage

Примечания

  • https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447

  • http://www.squid-cache.org/Versions/v4/changesets/squid-4-0003e3518dc95e4b5ab46b5140af79b22253048e.patch

  • https://megamansec.github.io/Squid-Security-Audit/cachemanager-memleak.html

EPSS

Процентиль: 53%
0.00304
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2021-28652

CVSS3: 4.9
ubuntu
около 4 лет назад

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege.

redhat логотип

CVE-2021-28652

CVSS3: 6.8
redhat
около 4 лет назад

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege.

nvd логотип

CVE-2021-28652

CVSS3: 4.9
nvd
около 4 лет назад

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege.

fstec логотип

BDU:2021-02730

CVSS3: 7.4
fstec
около 4 лет назад

Уязвимость компонента Cache Manager API прокси-сервера Squid, позволяющая нарушителю вызвать отказ в обслуживании

suse-cvrf логотип

openSUSE-SU-2021:1961-1

suse-cvrf
около 4 лет назад

Security update for squid

EPSS

Процентиль: 53%
0.00304
Низкий