CVE-2021-46784
MEDIUM
Squid 3.0-3.5.28, 4.x-4.17, <5.6 - Denial of Service via Gopher Server Response
Title source: llm
Description
In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.
References (9)
Mailing List
http://www.openwall.com/lists/oss-security/2023/10/13/1
Mailing List
http://www.openwall.com/lists/oss-security/2023/10/13/10
Mailing List
http://www.openwall.com/lists/oss-security/2023/10/21/1
Patch, Vendor Advisory
http://www.squid-cache.org/Versions/v5/changesets/SQUID-2021_7.patch
Patch, Third Party Advisory
https://github.com/squid-cache/squid/commit/5e2ea2b13bd98f53e29964ca26bb0d602a8a12b9
Mitigation, Patch, Third Party Advisory
https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2021-46784
Third Party Advisory
https://security.netapp.com/advisory/ntap-20221223-0007/
Scores
CVSS v3: 6.5
EPSS: 0.0360
EPSS Percentile: 88.0%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE: CWE-617
Status: published
Products (4)
debian/debian_linux: 10.0
debian/debian_linux: 11.0
debian/debian_linux: 12.0
squid-cache/squid: 3.0 - 3.5.28
Published: Jul 17, 2022
Tracked Since: Feb 18, 2026