Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-41611

An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services.

Published

2021-10-18T09:15:08.823

Last Modified

2024-11-21T06:26:31.043

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-295

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	squid-cache	squid	< 5.2	Yes
Operating System	fedoraproject	fedora	35	Yes

References

http://www.openwall.com/lists/oss-security/2021/12/23/2 Mailing List, Third Party Advisory ([email protected])
http://www.squid-cache.org/Versions/v6/changesets/squid-6-43d6b5c81b88ec2256b430c69a872a1e4f324e4a.patch Vendor Advisory ([email protected])
https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r Patch, Third Party Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CWQ2WKDWTSO47S3F6XJJ6HGG2ULWEAE4/ ([email protected])
http://www.openwall.com/lists/oss-security/2021/12/23/2 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.squid-cache.org/Versions/v6/changesets/squid-6-43d6b5c81b88ec2256b430c69a872a1e4f324e4a.patch Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CWQ2WKDWTSO47S3F6XJJ6HGG2ULWEAE4/ (af854a3a-2127-422b-91ae-364da2661108)