CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
AI Score Confidence: Low
EPSS Percentile: 89.0%
software: squid 5.9
WASP: ROSA-CHROME
package_evr_string: squid-5.9-1.src.rpm
CVE-ID: CVE-2021-46784
BDU-ID: 2022-04051
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Squid proxy server’s implementation of the Gopher network protocol is associated with the use of assert() or a similar operator. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by sending a specially crafted response to the proxy server.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update squid
CVE-ID: CVE-2022-41317
BDU-ID: 2023-00066
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Squid caching proxy server is related to inconsistent processing of internal URIs. Exploitation of the vulnerability could allow an attacker acting remotely to bypass ACL manager protection and gain access to cache manager information, which includes records about internal network structure, client credentials, client ID, and client traffic behavior.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update squid
CVE-ID: CVE-2022-41318
BDU-ID: 2023-01309
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Security Support Provider Interface (SSPI) and Server Message Block (SMB) network protocol implementation of the Squid proxy server is related to reading data beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information or cause a denial of service.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update squid