CVE-2021-28652

CVSS v3.1 4.9 (Medium)

CVSS v2.0 4 (Medium)

EPSS 0.38 % (73^th)

Affected Products 3

Advisories 18

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege.

Weaknesses

CWE-401: Missing Release of Memory after Effective Lifetime

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2021-05-27 12:15:08
(3 years ago)
Updated Date: 2023-11-07 03:32:17
(10 months ago)

Affected Products

Configuration #1

		CPE23	From	Up To
	Squid-cache Squid from 1.0 version and prior 4.15 version	cpe:2.3:a:squid-cache:squid	>= 1.0	< 4.15
	Squid-cache Squid from 5.0 version and prior 5.0.6 version	cpe:2.3:a:squid-cache:squid	>= 5.0	< 5.0.6

Configuration #2

		CPE23	From	Up To
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0
	Debian Linux 10.0	cpe:2.3:o:debian:debian_linux:10.0

Configuration #3

		CPE23	From	Up To
	Fedoraproject Fedora 33	cpe:2.3:o:fedoraproject:fedora:33
	Fedoraproject Fedora 34	cpe:2.3:o:fedoraproject:fedora:34

Weaknesses

Affected Products

Debian

Fedoraproject

Squid-cache

Configuration #1

Configuration #2

Configuration #3