Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-46784

In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.

Published

2022-07-17T22:15:08.737

Last Modified

2024-11-21T06:34:42.853

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-617

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	squid-cache	squid	≤ 3.5.28	Yes
Application	squid-cache	squid	≤ 4.17	Yes
Application	squid-cache	squid	< 5.6	Yes
Operating System	debian	debian_linux	10.0	Yes
Operating System	debian	debian_linux	11.0	Yes
Operating System	debian	debian_linux	12.0	Yes

References

http://www.openwall.com/lists/oss-security/2023/10/13/1 ([email protected])
http://www.openwall.com/lists/oss-security/2023/10/13/10 ([email protected])
http://www.openwall.com/lists/oss-security/2023/10/21/1 ([email protected])
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2021_7.patch Broken Link ([email protected])
http://www.squid-cache.org/Versions/v5/changesets/SQUID-2021_7.patch Patch, Vendor Advisory ([email protected])
https://github.com/squid-cache/squid/commit/5e2ea2b13bd98f53e29964ca26bb0d602a8a12b9 Patch, Third Party Advisory ([email protected])
https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w Mitigation, Patch, Third Party Advisory ([email protected])
https://security-tracker.debian.org/tracker/CVE-2021-46784 Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20221223-0007/ Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2023/10/13/1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2023/10/13/10 (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2023/10/21/1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2021_7.patch Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.squid-cache.org/Versions/v5/changesets/SQUID-2021_7.patch Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/squid-cache/squid/commit/5e2ea2b13bd98f53e29964ca26bb0d602a8a12b9 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w Mitigation, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security-tracker.debian.org/tracker/CVE-2021-46784 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20221223-0007/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)