4.9

CVE-2021-28652

Exploit
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Squid-cacheSquid Version >= 1.0 < 4.15
Squid-cacheSquid Version >= 5.0 < 5.0.6
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
FedoraprojectFedora Version33
FedoraprojectFedora Version34
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.34% 0.899
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.9 1.2 3.6
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/
http://seclists.org/fulldisclosure/2023/Oct/14
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2023/10/11/3
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html
Third Party Advisory
Mailing List
https://www.debian.org/security/2021/dsa-4924
Third Party Advisory
https://bugs.squid-cache.org/show_bug.cgi?id=5106
Vendor Advisory
Exploit
Issue Tracking
https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447
Patch
Third Party Advisory