Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 06:09
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/fulldisclosure/2023/Oct/14 - Mailing List, Third Party Advisory | |
References | () http://www.openwall.com/lists/oss-security/2023/10/11/3 - Mailing List, Third Party Advisory | |
References | () http://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c.patch - Mailing List, Patch, Vendor Advisory | |
References | () http://www.squid-cache.org/Versions/v5/changesets/squid-5-8af775ed98bfd610f9ce762fe177e01b2675588c.patch - Mailing List, Patch, Vendor Advisory | |
References | () https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f - Patch, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/ - |
03 Jun 2022, 17:30
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/ - Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* |
14 Jun 2021, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Jun 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Jun 2021, 16:18
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c.patch - Mailing List, Patch, Vendor Advisory | |
References | (MISC) https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f - Patch, Third Party Advisory | |
References | (MISC) http://www.squid-cache.org/Versions/v5/changesets/squid-5-8af775ed98bfd610f9ce762fe177e01b2675588c.patch - Mailing List, Patch, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 6.5 |
CPE | cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:* | |
CWE | CWE-20 |
28 May 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-05-28 12:15
Updated : 2024-11-21 06:09
NVD link : CVE-2021-33620
Mitre link : CVE-2021-33620
CVE.ORG link : CVE-2021-33620
JSON object : View
Products Affected
squid-cache
- squid
debian
- debian_linux
fedoraproject
- fedora
CWE
CWE-20
Improper Input Validation