7.5
CVE-2021-28651
- EPSS 7.45%
- Veröffentlicht 27.05.2021 12:15:08
- Zuletzt bearbeitet 21.11.2024 06:00:01
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Squid-cache ≫ Squid Version >= 2.0 < 4.15
Squid-cache ≫ Squid Version >= 5.0 < 5.0.6
Debian ≫ Debian Linux Version9.0
Debian ≫ Debian Linux Version10.0
Fedoraproject ≫ Fedora Version33
Fedoraproject ≫ Fedora Version34
Netapp ≫ Cloud Manager Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.45% | 0.937 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/
http://seclists.org/fulldisclosure/2023/Oct/14
http://www.openwall.com/lists/oss-security/2023/10/11/3
https://bugs.squid-cache.org/show_bug.cgi?id=5104
https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4
https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html
https://security.netapp.com/advisory/ntap-20210716-0007/
https://www.debian.org/security/2021/dsa-4924