PT-2021-5367 · Squid+9 · Squid+10

Lyu

·

Published

2021-03-09

·

Updated

2024-06-15

·

CVE-2021-28116

CVSS v2.0

6.4

Medium

VectorAV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions Squid versions 4.14 and 5.x through 5.0.5
Description The issue is related to an out-of-bounds read in WCCP protocol data, which can lead to information disclosure. This can be leveraged as part of a chain for remote code execution. The vulnerability is associated with a buffer read beyond its boundaries, allowing a remote attacker to gain access to confidential information by substituting the list of known Squid WCCP routers and redirecting traffic to a controlled router.
Recommendations For Squid versions 4.14 and 5.x through 5.0.5, consider disabling the WCCP protocol as a temporary workaround until a patch is available. Restrict access to the WCCP protocol data to minimize the risk of exploitation. Avoid using configurations that allow information disclosure through the WCCP protocol until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALSA-2022:1939
ALT-PU-2021-2058
ALT-PU-2021-2829
BDU:2021-06197
CESA-2022_1939
CVE-2021-28116
DSA-5171-1
GHSA-RGF3-9V3P-QP82
MGASA-2021-0499
OESA-2022-1618
OPENSUSE-SU-2021:1419-1
OPENSUSE-SU-2021:3485-1
OPENSUSE-SU-2021_1419-1
OPENSUSE-SU-2021_3485-1
OPENSUSE-SU-2024:11559-1
RHSA-2022:1939
RHSA-2022_1939
RLSA-2022:1939
SUSE-SU-2021:3334-1
SUSE-SU-2021:3485-1
SUSE-SU-2021_3334-1
SUSE-SU-2021_3485-1
USN-5104-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Rocky Linux
Squid
Squid Cache
Suse
Ubuntu