Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2021-28651

Published: 27 May 2021

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
squid
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (4.10-1ubuntu1.4)
groovy
Released (4.13-1ubuntu2.2)
hirsute
Released (4.13-1ubuntu4.1)
impish
Released (4.13-10ubuntu1)
jammy
Released (4.13-10ubuntu1)
kinetic
Released (4.13-10ubuntu1)
trusty Does not exist

upstream
Released (4.15,4.13-10)
xenial Does not exist

Patches:
upstream: http://www.squid-cache.org/Versions/v4/changesets/squid-4-a975fd5aedc866629214aaaccb38376855351899.patch
upstream: https://github.com/squid-cache/squid/commit/a975fd5aedc866629214aaaccb38376855351899
squid3
Launchpad, Ubuntu, Debian
bionic
Released (3.5.27-1ubuntu1.11)
focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

kinetic Does not exist

trusty Does not exist

upstream Needs triage

xenial Needs triage