6.5

CVE-2021-46784

In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Squid-cacheSquid Version >= 3.0 <= 3.5.28
Squid-cacheSquid Version >= 4.0 <= 4.17
Squid-cacheSquid Version >= 5.0 < 5.6
DebianDebian Linux Version10.0
DebianDebian Linux Version11.0
DebianDebian Linux Version12.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.62% 0.88
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

http://www.openwall.com/lists/oss-security/2023/10/13/1
http://www.openwall.com/lists/oss-security/2023/10/13/10
http://www.openwall.com/lists/oss-security/2023/10/21/1
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2021_7.patch
Broken Link
http://www.squid-cache.org/Versions/v5/changesets/SQUID-2021_7.patch
Patch
Vendor Advisory
https://github.com/squid-cache/squid/commit/5e2ea2b13bd98f53e29964ca26bb0d602a8a12b9
Patch
Third Party Advisory
https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w
Patch
Third Party Advisory
Mitigation
https://security-tracker.debian.org/tracker/CVE-2021-46784
Third Party Advisory
https://security.netapp.com/advisory/ntap-20221223-0007/
Third Party Advisory