PT-2021-3106 · Squid+9 · Squid+10

Joshua Rogers · Published 2021-05-10 · Updated 2024-06-15 · CVE-2021-31806

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Squid versions prior to 4.15; Squid versions 5.x prior to 5.0.6.

Description: The issue is a memory-management bug that makes Squid vulnerable to a denial-of-service attack affecting all clients using the proxy. It is triggered through HTTP Range request processing: insufficient checking of user-supplied data while processing Range requests allows a remote attacker to cause a denial of service.

Recommendations: For Squid versions prior to 4.15, update to version 4.15 or later. For Squid versions 5.x prior to 5.0.6, update to version 5.0.6 or later. As a temporary workaround, consider restricting access to HTTP Range request processing until a patch is available.

Exploit · Fix · DoS · RCE · Improper Encoding or Escaping of Output


Weakness Enumeration

Related Identifiers

ALSA-2021:4292
ALT-PU-2021-2058
ALT-PU-2021-2829
BDU:2021-02729
CESA-2021_4292
CVE-2021-31806
DLA-2685-1
DSA-4924-1
GHSA-PXWQ-F3QR-W2XF
MGASA-2021-0237
OESA-2021-1240
OPENSUSE-SU-2021:0879-1
OPENSUSE-SU-2021:1961-1
OPENSUSE-SU-2021_0879-1
OPENSUSE-SU-2021_1961-1
OPENSUSE-SU-2024:11403-1
RHSA-2021:4292
RHSA-2021_4292
RLSA-2021:4292
SUSE-SU-2021:1838-1
SUSE-SU-2021:1961-1
USN-4981-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Rocky Linux
Squid
Squid Cache
Suse
Ubuntu