CVE-2021-31807

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Squid versions prior to 4.15 Squid versions 5.x prior to 5.0.6

Description An issue was discovered that allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent. This is related to an integer overflow problem.

Recommendations For Squid versions prior to 4.15, update to version 4.15 or later. For Squid versions 5.x prior to 5.0.6, update to version 5.0.6 or later. As a temporary workaround, consider restricting access to HTTP Range requests until a patch is available.

Exploit

Fix

DoS

RCE

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-190

Related Identifiers

ALSA-2021:4292

ALT-PU-2021-2058

ALT-PU-2021-2829

BDU:2021-05158

BDU:2021-05301

CESA-2021_4292

CVE-2021-31807

DLA-2685-1

DSA-4924-1

GHSA-PXWQ-F3QR-W2XF

MGASA-2021-0237

RHSA-2021:4292

RHSA-2021_4292

RLSA-2021:4292

USN-4981-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Red Os

Rocky Linux

Squid

Squid Cache

Ubuntu

CVE-2021-31807

Weakness Enumeration

Related Identifiers

Affected Products

References · 76