PT-2021-3105 · Squid+8 · Squid+9

Joshua Rogers

Published

2021-05-10

Updated

2023-10-24

CVE-2021-31808

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Squid versions prior to 4.15 Squid versions 5.x prior to 5.0.6

Description The issue exists due to insufficient validation of user-input data when delivering responses to HTTP range requests. This can be exploited by a remote attacker to cause a denial of service. A client can send an HTTP Range request to trigger this issue.

Recommendations For Squid versions prior to 4.15, update to version 4.15 or later. For Squid versions 5.x prior to 5.0.6, update to version 5.0.6 or later. As a temporary workaround, consider restricting access to HTTP Range requests until a patch is available.

Exploit

Fix

DoS

RCE

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-190

Related Identifiers

ALSA-2021:4292

ALT-PU-2021-2058

ALT-PU-2021-2829

BDU:2021-02728

CESA-2021_4292

CVE-2021-31808

DLA-2685-1

DSA-4924-1

GHSA-PXWQ-F3QR-W2XF

MGASA-2021-0237

OESA-2021-1240

RHSA-2021:4292

RHSA-2021_4292

RLSA-2021:4292

USN-4981-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Rocky Linux

Squid

Squid Cache

Ubuntu

PT-2021-3105 · Squid+8 · Squid+9

CVE-2021-31808

Weakness Enumeration

Related Identifiers

Affected Products

References · 81