CVE-2021-28116

Опубликовано: 09 мар. 2021

Источник: nvd

CVSS3: 3.7

CVSS3: 5.3

CVSS2: 4.3

EPSS Низкий

Описание

Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.

Ссылки

http://www.openwall.com/lists/oss-security/2021/10/04/1
Mailing List
Third Party Advisory
http://www.squid-cache.org/Versions/
Product
Vendor Advisory
https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82
Broken Link
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/
https://security.gentoo.org/glsa/202105-14
Third Party Advisory
https://www.debian.org/security/2022/dsa-5171
Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-157/
Third Party Advisory
VDB Entry
http://www.openwall.com/lists/oss-security/2021/10/04/1
Mailing List
Third Party Advisory
http://www.squid-cache.org/Versions/
Product
Vendor Advisory
https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82
Broken Link
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/
https://security.gentoo.org/glsa/202105-14
Third Party Advisory
https://www.debian.org/security/2022/dsa-5171
Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-157/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*

Версия до 4.14 (включая)

cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*

Версия от 5.0 (включая) до 5.0.5 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04628

Низкий

3.7 Low

CVSS3

5.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2021-28116

CVSS3: 3.7

ubuntu

больше 4 лет назад

CVE-2021-28116

CVSS3: 5.3

redhat

больше 4 лет назад

CVE-2021-28116

CVSS3: 3.7

debian

больше 4 лет назад

Squid through 4.14 and 5.x through 5.0.5, in some configurations, allo ...

openSUSE-SU-2021:3485-1

suse-cvrf

почти 4 года назад

Security update for squid

openSUSE-SU-2021:1419-1

suse-cvrf

почти 4 года назад

Security update for squid

EPSS

Процентиль: 89%

0.04628

Низкий

3.7 Low

CVSS3

5.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-125