Your submission was sent successfully! Close

CVE-2021-31808

Published: 27 May 2021

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
squid
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (4.10-1ubuntu1.4)
groovy
Released (4.13-1ubuntu2.2)
hirsute
Released (4.13-1ubuntu4.1)
impish
Released (4.13-10ubuntu1)
jammy
Released (4.13-10ubuntu1)
trusty Does not exist

upstream
Released (4.15,4.13-10)
xenial Does not exist

squid3
Launchpad, Ubuntu, Debian
bionic
Released (3.5.27-1ubuntu1.11)
focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

trusty Does not exist

upstream Needs triage

xenial Needs triage