Your submission was sent successfully! Close

CVE-2021-33620

Published: 28 May 2021

Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
squid
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (4.10-1ubuntu1.4)
groovy
Released (4.13-1ubuntu2.2)
hirsute
Released (4.13-1ubuntu4.1)
impish
Released (4.13-10ubuntu1)
jammy
Released (4.13-10ubuntu1)
trusty Does not exist

upstream
Released (4.15,4.13-10)
xenial Does not exist

squid3
Launchpad, Ubuntu, Debian
bionic
Released (3.5.27-1ubuntu1.11)
focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

trusty Does not exist

upstream Needs triage

xenial Needs triage