Your submission was sent successfully! Close

CVE-2021-28651

Published: 27 May 2021

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
squid
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (4.10-1ubuntu1.4)
groovy
Released (4.13-1ubuntu2.2)
hirsute
Released (4.13-1ubuntu4.1)
impish
Released (4.13-10ubuntu1)
jammy
Released (4.13-10ubuntu1)
trusty Does not exist

upstream
Released (4.15,4.13-10)
xenial Does not exist

squid3
Launchpad, Ubuntu, Debian
bionic
Released (3.5.27-1ubuntu1.11)
focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

trusty Does not exist

upstream Needs triage

xenial Needs triage