CVE-2021-31807
Description
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- Squid/Squiddescription
- osv-coords3 versions
< 1.0.1-2.module_el8.6.0+2741+01592ae8+ 2 more
- (no CPE)range: < 1.0.1-2.module_el8.6.0+2741+01592ae8
- (no CPE)range: < 1.0.1-2.module_el8.6.0+2741+01592ae8
- (no CPE)range: < 7:4.15-3.module_el8.6.0+3010+383bc947.1
Patches
Vulnerability mechanics
Root cause
"Integer overflow when parsing HTTP Range/Content-Range header values leads to undersized buffer allocation and use-after-free."
Attack vector
A remote server (or an attacker controlling a server the proxy contacts) sends an HTTP response containing a crafted Range or Content-Range header to Squid. The integer overflow occurs when Squid computes offsets or lengths from the header values, leading to memory corruption. This can be triggered without any malicious intent from the client — the header is one that "can be expected to exist in HTTP traffic" [ref_id=1]. The result is a denial of service, typically via a use-after-free or crash.
Affected code
The vulnerability is in Squid's handling of HTTP Range requests. The advisory [ref_id=1] identifies the issue as "Partial Content Parsing Use-After-Free CVE-2021-31807" and "Integer Overflow in Range Header CVE-2021-31808" as separate but related bugs. The affected code paths involve parsing of Content-Range and Range headers in HTTP responses, where integer overflow can occur when processing range values.
What the fix does
The advisory [ref_id=1] states that the issue was fixed in Squid before 4.15 and 5.x before 5.0.6, but does not provide a patch diff. The fix addresses the integer overflow by adding proper bounds checking when parsing range-related header values, preventing the arithmetic overflow that leads to undersized buffer allocation or incorrect memory access. No further technical details of the patch are available in the supplied bundle.
Preconditions
- configSquid must be configured as a forward or reverse proxy that processes HTTP Range requests
- networkA remote server delivers an HTTP response with a crafted Range or Content-Range header to the proxy
- authNo authentication or special privileges required — the trigger header is one that can appear in normal HTTP traffic
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
8- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/mitrevendor-advisory
- seclists.org/fulldisclosure/2023/Oct/14mitremailing-list
- www.openwall.com/lists/oss-security/2023/10/11/3mitremailing-list
- lists.debian.org/debian-lts-announce/2021/06/msg00014.htmlmitremailing-list
- www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patchmitre
- github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xfmitre
- security.netapp.com/advisory/ntap-20210716-0007/mitre
News mentions
0No linked articles in our index yet.