Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2021-28116

Published: 9 March 2021

Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.

Priority

Medium

CVSS 3 base score: 5.3

Status

Package Release Status
squid
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (4.10-1ubuntu1.5)
groovy Ignored
(reached end-of-life)
hirsute
Released (4.13-1ubuntu4.2)
impish
Released (4.13-10ubuntu5)
jammy
Released (4.13-10ubuntu5)
kinetic
Released (4.13-10ubuntu5)
precise Does not exist

trusty Does not exist

upstream
Released (4.17)
xenial Does not exist

Patches:
upstream: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_12.patch
squid3
Launchpad, Ubuntu, Debian
bionic
Released (3.5.27-1ubuntu1.12)
focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

precise Ignored
(end of ESM support, was deferred [2021-09-07])
trusty Does not exist

upstream Needs triage

xenial Needed