CVE-2020-25097

Published: 19 March 2021

An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.

Priority

Medium

CVSS 3 base score: 8.6

Status

Package: squid (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Released (4.14)
Ubuntu 21.04 (Hirsute Hippo): Released (4.13-1ubuntu3)
Ubuntu 20.04 LTS (Focal Fossa): Released (4.10-1ubuntu1.3)
Ubuntu 18.04 LTS (Bionic Beaver): Does not exist
Ubuntu 16.04 ESM (Xenial Xerus): Does not exist
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist

Patches:
Upstream: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_11.patch

Package: squid3 (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Needed
Ubuntu 21.04 (Hirsute Hippo): Does not exist
Ubuntu 20.04 LTS (Focal Fossa): Does not exist
Ubuntu 18.04 LTS (Bionic Beaver): Released (3.5.27-1ubuntu1.10)
Ubuntu 16.04 ESM (Xenial Xerus): Released (3.5.12-1ubuntu7.16)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist