Lucene search

PRIOn knowledge basePRION:CVE-2021-28652

HistoryMay 27, 2021 - 12:15 p.m.

Privilege escalation

2021-05-2712:15:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.9%

JSON

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege.

CPENameOperatorVersion
debian_linuxeq9.0
debian_linuxeq10.0
fedoraeq33
fedoraeq34
squidge5.0
squidlt5.0.6
squidge1.0
squidlt4.15

Name	Operator	Version
debian_linux	eq	9.0
debian_linux	eq	10.0
fedora	eq	33
fedora	eq	34
squid	ge	5.0
squid	lt	5.0.6
squid	ge	1.0
squid	lt	4.15

References

seclists.org/fulldisclosure/2023/Oct/14

www.openwall.com/lists/oss-security/2023/10/11/3

bugs.squid-cache.org/show_bug.cgi?id=5106

github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447

lists.debian.org/debian-lts-announce/2021/06/msg00014.html

lists.fedoraproject.org/archives/list/[email protected]/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/

lists.fedoraproject.org/archives/list/[email protected]/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/

www.debian.org/security/2021/dsa-4924