Lucene search

K
ubuntucveUbuntu.comUB:CVE-2021-28116
HistoryMar 09, 2021 - 12:00 a.m.

CVE-2021-28116

2021-03-0900:00:00
ubuntu.com
ubuntu.com
13

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.057

Percentile

93.4%

Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows
information disclosure because of an out-of-bounds read in WCCP protocol
data. This can be leveraged as part of a chain for remote code execution as
nobody.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchsquid< 4.10-1ubuntu1.5UNKNOWN
ubuntu21.04noarchsquid< 4.13-1ubuntu4.2UNKNOWN
ubuntu21.10noarchsquid< 4.13-10ubuntu5UNKNOWN
ubuntu22.04noarchsquid< 4.13-10ubuntu5UNKNOWN
ubuntu22.10noarchsquid< 4.13-10ubuntu5UNKNOWN
ubuntu23.04noarchsquid< 4.13-10ubuntu5UNKNOWN
ubuntu23.10noarchsquid< 4.13-10ubuntu5UNKNOWN
ubuntu24.04noarchsquid< 4.13-10ubuntu5UNKNOWN
ubuntu18.04noarchsquid3< 3.5.27-1ubuntu1.12UNKNOWN
ubuntu16.04noarchsquid3< anyUNKNOWN

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.057

Percentile

93.4%