CVE-2021-31807

Published: 08 Jun 2021
Source: debian
EPSS: Medium

Description

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.

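Packages

| Package | Status | Fixed version | Release | Type |
|---------|--------|---------------|---------|------|
| squid | fixed | 4.13-10 | | package |
| squid3 | removed | | | package |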

Notes

  • https://bugzilla.suse.com/show_bug.cgi?id=1185916

  • https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf

  • http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch

  • https://megamansec.github.io/Squid-Security-Audit/range-uaf.html

EPSS

Percentile: 97%
0.3759
Medium

Related vulnerabilities

CVSS3: 6.5
ubuntu
about 4 years ago

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.

CVSS3: 6.5
redhat
about 4 years ago

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.

CVSS3: 6.5
nvd
about 4 years ago

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.

CVSS3: 6.5
github
about 3 years ago

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.

CVSS3: 6.5
fstec
about 4 years ago

A vulnerability in the Squid proxy server related to an integer overflow that allows an attacker to cause a denial of service
