CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
72.9%
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to
incorrect parser validation, it allows a Denial of Service attack against
the Cache Manager API. This allows a trusted client to trigger memory leaks
that. over time, lead to a Denial of Service via an unspecified short query
string. This attack is limited to clients with Cache Manager API access
privilege.
Author | Note |
---|---|
mdeslaur | this issue only affects the Cache Manager, which is usually restricted to trusted clients only. The patch is intrusive to backport to 3.x versions, so we will not be fixing this issue in older releases. We recommend setting appropriate access control to limit connections from trusted clients. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | squid | < 4.10-1ubuntu1.4 | UNKNOWN |
ubuntu | 20.10 | noarch | squid | < 4.13-1ubuntu2.2 | UNKNOWN |
ubuntu | 21.04 | noarch | squid | < 4.13-1ubuntu4.1 | UNKNOWN |
ubuntu | 21.10 | noarch | squid | < 4.13-10ubuntu1 | UNKNOWN |
ubuntu | 22.04 | noarch | squid | < 4.13-10ubuntu1 | UNKNOWN |
ubuntu | 18.04 | noarch | squid3 | < 3.5.27-1ubuntu1.11 | UNKNOWN |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
72.9%