
CVE-2021-28116

Published: 9 March 2021

Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.

Priority

Medium

CVSS 3 base score: 5.3

Status

Package Release Status
squid
Launchpad, Ubuntu, Debian
bionic Does not exist
focal Released (4.10-1ubuntu1.5)
groovy Ignored (reached end-of-life)
hirsute Released (4.13-1ubuntu4.2)
impish Released (4.13-10ubuntu5)
jammy Released (4.13-10ubuntu5)
precise Does not exist
trusty Does not exist
upstream Released (4.17)
xenial Does not exist

squid3
Launchpad, Ubuntu, Debian
bionic Released (3.5.27-1ubuntu1.12)
focal Does not exist
groovy Does not exist
hirsute Does not exist
impish Does not exist
jammy Does not exist
precise Ignored (end of ESM support, was deferred [2021-09-07])
trusty Does not exist
upstream Needs triage
xenial Needed