CVE-2021-31806

CVSS v3.1 6.5 (Medium)

CVSS v2.0 4 (Medium)

EPSS 91.62 % (99^th)

Affected Products 4

Advisories 17

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.

Weaknesses

CWE-116: Improper Encoding or Escaping of Output

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2021-05-27 13:15:08
(3 years ago)
Updated Date: 2023-11-07 03:35:00
(10 months ago)

Affected Products

Configuration #1

		CPE23	From	Up To
	Squid-cache Squid prior 4.15 version	cpe:2.3:a:squid-cache:squid		< 4.15
	Squid-cache Squid from 5.0 version and prior 5.0.6 version	cpe:2.3:a:squid-cache:squid	>= 5.0	< 5.0.6

Configuration #2

		CPE23	From	Up To
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0
	Debian Linux 10.0	cpe:2.3:o:debian:debian_linux:10.0

Configuration #3

		CPE23	From	Up To
	Fedoraproject Fedora 33	cpe:2.3:o:fedoraproject:fedora:33
	Fedoraproject Fedora 34	cpe:2.3:o:fedoraproject:fedora:34

Configuration #4

		CPE23	From	Up To
	Netapp Cloud Manager	cpe:2.3:a:netapp:cloud_manager:-

Weaknesses

Affected Products

Debian

Fedoraproject

Netapp

Squid-cache

Configuration #1

Configuration #2

Configuration #3

Configuration #4