7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
squid:sid is vulnerable to denial of service. Lack of secure certificate validation of TLS server certificates allows a remote server to obtain security trust when the trust is not valid. This indication of trust may be passed along to clients allowing access to unsafe or hijacked services.
CPE | Name | Operator | Version |
---|---|---|---|
squid:sid | eq | 4.13-1 | |
squid:sid | eq | 4.13-6 | |
squid:edge | eq | 5.0.7-r1 | |
squid:edge | eq | 5.1-r1 | |
squid:edge | eq | 5.0.5-r0 | |
squid:edge | eq | 5.1-r0 | |
squid:edge | eq | 4.10-r0 | |
squid:edge | eq | 5.0.6-r0 | |
squid:edge | eq | 5.0.7-r0 | |
squid:edge | eq | 4.11-r0 |
www.openwall.com/lists/oss-security/2021/12/23/2
www.squid-cache.org/Versions/v6/changesets/squid-6-43d6b5c81b88ec2256b430c69a872a1e4f324e4a.patch
github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r
lists.fedoraproject.org/archives/list/[email protected]/message/CWQ2WKDWTSO47S3F6XJJ6HGG2ULWEAE4/
security-tracker.debian.org/tracker/CVE-2021-41611
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N