Описание
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | released | 4.13-10ubuntu1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | not-affected | 4.10-1ubuntu1.4 |
| focal | released | 4.10-1ubuntu1.4 |
| groovy | released | 4.13-1ubuntu2.2 |
| hirsute | released | 4.13-1ubuntu4.1 |
| impish | released | 4.13-10ubuntu1 |
| jammy | released | 4.13-10ubuntu1 |
| kinetic | released | 4.13-10ubuntu1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 3.5.27-1ubuntu1.11 |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | 3.5.27-1ubuntu1.11 |
| esm-infra/focal | DNE | |
| esm-infra/xenial | released | 3.5.12-1ubuntu7.16+esm3 |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE | |
| impish | DNE |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...
Уязвимость прокси-сервера Squid, существующая из-за недостаточной проверки ввода при разрешении идентификаторов ресурсов «urn:», позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5 Medium
CVSS2
7.5 High
CVSS3