CVE-2021-28662

CVSS v3.1 6.5 (Medium)

CVSS v2.0 4.3 (Medium)

EPSS 17.56 % (96^th)

Affected Products 3

Advisories 15

An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic.

Weaknesses

CWE-116: Improper Encoding or Escaping of Output

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2021-05-27 12:15:08
(3 years ago)
Updated Date: 2023-11-07 03:32:18
(10 months ago)

Affected Products

Configuration #1

		CPE23	From	Up To
	Squid-cache Squid from 4.0.1 version and prior 4.15 version	cpe:2.3:a:squid-cache:squid	>= 4.0.1	< 4.15
	Squid-cache Squid from 5.0 version and prior 5.0.6 version	cpe:2.3:a:squid-cache:squid	>= 5.0	< 5.0.6

Configuration #2

		CPE23	From	Up To
	Debian Linux 10.0	cpe:2.3:o:debian:debian_linux:10.0

Configuration #3

		CPE23	From	Up To
	Fedoraproject Fedora 33	cpe:2.3:o:fedoraproject:fedora:33
	Fedoraproject Fedora 34	cpe:2.3:o:fedoraproject:fedora:34

Weaknesses

Affected Products

Debian

Fedoraproject

Squid-cache

Configuration #1

Configuration #2

Configuration #3