rpm package
almalinux/squid
pkg:rpm/almalinux/squid
Vulnerabilities (27)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-33620 | — | < 7:4.15-3.module_el8.6.0+3010+383bc947.1 | 7:4.15-3.module_el8.6.0+3010+383bc947.1 | May 28, 2021 | Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server. | ||
| CVE-2021-31808 | — | < 7:4.15-3.module_el8.6.0+3010+383bc947.1 | 7:4.15-3.module_el8.6.0+3010+383bc947.1 | May 27, 2021 | An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this. | ||
| CVE-2021-31806 | — | < 7:4.15-3.module_el8.6.0+3010+383bc947.1 | 7:4.15-3.module_el8.6.0+3010+383bc947.1 | May 27, 2021 | An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing. | ||
| CVE-2021-28662 | — | < 7:4.15-3.module_el8.6.0+3010+383bc947.1 | 7:4.15-3.module_el8.6.0+3010+383bc947.1 | May 27, 2021 | An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic. | ||
| CVE-2021-28652 | — | < 7:4.15-3.module_el8.6.0+3010+383bc947.1 | 7:4.15-3.module_el8.6.0+3010+383bc947.1 | May 27, 2021 | An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unsp | ||
| CVE-2021-28651 | — | < 7:4.15-3.module_el8.6.0+3010+383bc947.1 | 7:4.15-3.module_el8.6.0+3010+383bc947.1 | May 27, 2021 | An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can | ||
| CVE-2021-28116 | — | < 7:4.15-3.module_el8.6.0+2741+01592ae8 | 7:4.15-3.module_el8.6.0+2741+01592ae8 | Mar 9, 2021 | Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody. |
- CVE-2021-33620May 28, 2021affected < 7:4.15-3.module_el8.6.0+3010+383bc947.1fixed 7:4.15-3.module_el8.6.0+3010+383bc947.1
Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.
- CVE-2021-31808May 27, 2021affected < 7:4.15-3.module_el8.6.0+3010+383bc947.1fixed 7:4.15-3.module_el8.6.0+3010+383bc947.1
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this.
- CVE-2021-31806May 27, 2021affected < 7:4.15-3.module_el8.6.0+3010+383bc947.1fixed 7:4.15-3.module_el8.6.0+3010+383bc947.1
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.
- CVE-2021-28662May 27, 2021affected < 7:4.15-3.module_el8.6.0+3010+383bc947.1fixed 7:4.15-3.module_el8.6.0+3010+383bc947.1
An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic.
- CVE-2021-28652May 27, 2021affected < 7:4.15-3.module_el8.6.0+3010+383bc947.1fixed 7:4.15-3.module_el8.6.0+3010+383bc947.1
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unsp
- CVE-2021-28651May 27, 2021affected < 7:4.15-3.module_el8.6.0+3010+383bc947.1fixed 7:4.15-3.module_el8.6.0+3010+383bc947.1
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can
- CVE-2021-28116Mar 9, 2021affected < 7:4.15-3.module_el8.6.0+2741+01592ae8fixed 7:4.15-3.module_el8.6.0+2741+01592ae8
Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.
Page 2 of 2