CVE-2021-28651

CVSS v3.1 7.5 (High)

CVSS v2.0 5 (Medium)

EPSS 1.55 % (87^th)

Affected Products 4

Advisories 20

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.

Weaknesses

CWE-401: Missing Release of Memory after Effective Lifetime

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2021-05-27 12:15:08
(3 years ago)
Updated Date: 2023-11-07 03:32:17
(10 months ago)

Affected Products

Configuration #1

		CPE23	From	Up To
	Squid-cache Squid from 2.0 version and prior 4.15 version	cpe:2.3:a:squid-cache:squid	>= 2.0	< 4.15
	Squid-cache Squid from 5.0 version and prior 5.0.6 version	cpe:2.3:a:squid-cache:squid	>= 5.0	< 5.0.6

Configuration #2

		CPE23	From	Up To
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0
	Debian Linux 10.0	cpe:2.3:o:debian:debian_linux:10.0

Configuration #3

		CPE23	From	Up To
	Fedoraproject Fedora 33	cpe:2.3:o:fedoraproject:fedora:33
	Fedoraproject Fedora 34	cpe:2.3:o:fedoraproject:fedora:34

Configuration #4

		CPE23	From	Up To
	Netapp Cloud Manager	cpe:2.3:a:netapp:cloud_manager:-

Weaknesses

Affected Products

Debian

Fedoraproject

Netapp

Squid-cache

Configuration #1

Configuration #2

Configuration #3

Configuration #4