Your submission was sent successfully! Close

CVE-2021-41611

Published: 18 October 2021

An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
squid
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Not vulnerable

hirsute Not vulnerable

impish Not vulnerable

jammy Not vulnerable

trusty Does not exist

upstream
Released (5.2)
xenial Does not exist

squid3
Launchpad, Ubuntu, Debian
bionic Not vulnerable

focal Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

trusty Does not exist

upstream Not vulnerable

xenial Not vulnerable