Veracode Vulnerability DatabaseVERACODE:32470Denial Of Service (DoS)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
squid:sid is vulnerable to denial of service. Lack of secure certificate validation of TLS server certificates allows a remote server to obtain security trust when the trust is not valid. This indication of trust may be passed along to clients allowing access to unsafe or hijacked services.
| CPE | Name | Operator | Version |
|---|---|---|---|
| squid:sid | eq | 4.13-1 | |
| squid:sid | eq | 4.13-6 | |
| squid:edge | eq | 5.0.7-r1 | |
| squid:edge | eq | 5.1-r1 | |
| squid:edge | eq | 5.0.5-r0 | |
| squid:edge | eq | 5.1-r0 | |
| squid:edge | eq | 4.10-r0 | |
| squid:edge | eq | 5.0.6-r0 | |
| squid:edge | eq | 5.0.7-r0 | |
| squid:edge | eq | 4.11-r0 |
References
www.openwall.com/lists/oss-security/2021/12/23/2
www.squid-cache.org/Versions/v6/changesets/squid-6-43d6b5c81b88ec2256b430c69a872a1e4f324e4a.patch
github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r
lists.fedoraproject.org/archives/list/[email protected]/message/CWQ2WKDWTSO47S3F6XJJ6HGG2ULWEAE4/
security-tracker.debian.org/tracker/CVE-2021-41611
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N