Your submission was sent successfully! Close

CVE-2021-46784

Published: 31 December 2021

In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
squid
Launchpad, Ubuntu, Debian
bionic Does not exist

focal
Released (4.10-1ubuntu1.6)
impish
Released (4.13-10ubuntu5.1)
jammy
Released (5.2-1ubuntu4.1)
trusty Does not exist

upstream
Released (5.6)
xenial Does not exist

Patches:
upstream: https://github.com/squid-cache/squid/commit/780c4ea1b4c9d2fb41f6962aa6ed73ae57f74b2b (v4)
upstream: https://github.com/squid-cache/squid/commit/1740315dc85ade1965934b63c0a3244860bac0a1 (v5)
upstream: http://www.squid-cache.org/Versions/v5/changesets/SQUID-2021_7.patch (v5)
squid3
Launchpad, Ubuntu, Debian
bionic
Released (3.5.27-1ubuntu1.13)
focal Does not exist

impish Does not exist

jammy Does not exist

trusty Does not exist

upstream Needs triage

xenial Needs triage