Описание
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.
Ссылки
- https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
- https://nvd.nist.gov/vuln/detail/CVE-2021-31806
- https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66
- https://security.netapp.com/advisory/ntap-20210716-0007
- https://www.debian.org/security/2021/dsa-4924
- http://seclists.org/fulldisclosure/2023/Oct/14
- http://www.openwall.com/lists/oss-security/2023/10/11/3
- http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch
Связанные уязвимости
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...
Уязвимость прокси-сервера Squid, существующая из-за недостаточной проверки введенных пользователем данных при выполнении запросов диапазона HTTP, позволяющая нарушителю вызвать отказ в обслуживании