CVE-2021-28116
Published: 09 March 2021
Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.
Priority
Medium
CVSS 3 base score: 5.3
Status
| Package | Release | Status |
|---|---|---|
|
squid Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Deferred
(2021-05-03)
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Deferred
(2021-05-03)
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Deferred
(2021-05-03)
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Does not exist
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Does not exist
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
|
squid3 Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 21.04 (Hirsute Hippo) |
Does not exist
|
|
| Ubuntu 20.10 (Groovy Gorilla) |
Does not exist
|
|
| Ubuntu 20.04 LTS (Focal Fossa) |
Does not exist
|
|
| Ubuntu 18.04 LTS (Bionic Beaver) |
Deferred
(2021-05-03)
|
|
| Ubuntu 16.04 ESM (Xenial Xerus) |
Deferred
(2021-05-03)
|
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
Notes
| Author | Note |
|---|---|
| mdeslaur | as of 2021-05-03, there are no details on a fix from upstream for this issue |