Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-31807.
PoCs published by Joshua Rogers, including Metasploit module auxiliary/dos/http/squid_range_dos.
AI-analyzed exploit summary This Metasploit module exploits CVE-2021-31807, a denial-of-service vulnerability in Squid Proxy versions 3.0-4.1.4 and 5.0.1-5.0.5. It sends malformed Range headers to trigger assertions in Squid's range handler, causing a crash.
Description
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.
Exploits (1)
This Metasploit module exploits CVE-2021-31807, a denial-of-service vulnerability in Squid Proxy versions 3.0-4.1.4 and 5.0.1-5.0.5. It sends malformed Range headers to trigger assertions in Squid's range handler, causing a crash.
References (8)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H