CVE-2021-33620
Published 2021-05-28
Priority P3 · 50 · medium · 6.5 CVSS 3.1
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 79.58% (99.6th percentile)
Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | squid | < squid 4.13-10 (bookworm) | squid 4.13-10 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| squid-cache | squid | < 4.15 | 4.15 |
| squid-cache | squid | >= 5.0 < 5.0.6 | 5.0.6 |
| squid | squid | >= 0 < 4.13-10 | 4.13-10 |
| squid | squid | >= 0 < 4.13-10 | 4.13-10 |
| squid | squid | >= 0 < 4.13-10 | 4.13-10 |
| squid | squid | >= 0 < 4.13-10 | 4.13-10 |
| squid | squid | >= 0 < 4.10-1ubuntu1.4 | 4.10-1ubuntu1.4 |
Detection & IOCs (extracted from sources)
- Vulnerable versions of Squid are before 4.15 and 5.x before 5.0.6; detect these versions in use as a proxy to identify exposure to this DoS via HTTP response header processing
- The DoS trigger is a specific HTTP response header that can appear in normal traffic; monitor Squid proxy processes for unexpected crashes or availability loss correlated with upstream HTTP responses containing unusual headers
- The vulnerability is an input validation flaw in HTTP response message processing; monitor Squid logs for repeated failed responses from upstream servers coinciding with proxy-wide client unavailability
- No mitigation is available from Red Hat; patching to Squid 4.15+ or 5.0.6+ is the only remediation
- Red Hat Enterprise Linux 9 is not affected; RHEL 6 and 7 are out of support scope for this moderate-rated flaw
- Debian fixed this in squid package version 4.13-10 across bookworm, bullseye, forky, sid, and trixie
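The first detection item above is a version check. The following Python script is an added example, not code from the page's sources or from the Squid project: it parses the version out of a `squid -v` banner (the real banner has the form `Squid Cache: Version X.Y`) or a bare version string and compares it against the two affected ranges stated on this page, before 4.15 and 5.0 up to but not including 5.0.6. The banner strings in the `__main__` block are constructed sample input. Note the caveat the page itself implies: distribution packages (Debian 4.13-10, Ubuntu 4.10-1ubuntu1.4) carry the fix under an upstream version number that this check would still flag, so for distro builds compare the package version against the distro's fixed-in value instead.

```python
"""Check a Squid version against the affected ranges listed for CVE-2021-33620.

Added example; the affected/fixed boundaries come from the advisory text:
  - anything before 4.15
  - 5.0 <= version < 5.0.6
"""
import re
from typing import Optional, Tuple

Version = Tuple[int, ...]

# Upstream fixed versions as stated on the page.
FIXED_4X: Version = (4, 15)
FIXED_5X: Version = (5, 0, 6)

_BANNER_RE = re.compile(r"\bVersion\s+(\d+(?:\.\d+)*)")
_BARE_RE = re.compile(r"\s*(\d+(?:\.\d+)*)")


def parse_version(text: str) -> Optional[Version]:
    """Return the dotted numeric version as a tuple of ints, or None.

    Accepts a `squid -v` banner ('Squid Cache: Version 4.13') or a bare
    version string ('5.0.6'). A distro suffix such as '-10' is not part of
    the upstream version and is ignored here on purpose.
    """
    match = _BANNER_RE.search(text) or _BARE_RE.match(text)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def is_affected(version: Version) -> bool:
    """True when the upstream version lies in an affected range.

    Python compares tuples lexicographically, which gives the right answer
    for dotted versions: (4, 13) < (4, 15), while (4, 15, 1) > (4, 15).
    """
    if version < FIXED_4X:          # 3.x and 4.x before 4.15
        return True
    if version[0] == 5 and version < FIXED_5X:  # 5.0 .. 5.0.5
        return True
    return False                    # 4.15+, 5.0.6+, 5.1+, 6.x


def assess(banner: str) -> dict:
    """Combine parsing and the range check into one result record."""
    version = parse_version(banner)
    if version is None:
        return {"version": None, "affected": None, "note": "no version found"}
    return {
        "version": ".".join(str(p) for p in version),
        "affected": is_affected(version),
        "note": "upstream version check only; distro packages may carry "
                "a backported fix under the same upstream version",
    }


if __name__ == "__main__":
    # Constructed sample banners, not captured from a real host.
    for sample in ("Squid Cache: Version 4.13",
                   "Squid Cache: Version 4.15",
                   "Squid Cache: Version 5.0.5",
                   "Squid Cache: Version 5.0.6",
                   "Squid Cache: Version 6.1",
                   "not a squid banner"):
        print(f"{sample!r:40} -> {assess(sample)}")
```

Run it as `squid -v | python3 check_squid_version.py` after swapping the sample loop for `sys.stdin.read()`, or import `assess` from an inventory script that already collects proxy banners.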
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |
| vendor_debian | — | 6.5 | MEDIUM | — |
| vendor_redhat | — | 6.5 | MEDIUM | — |
Ubuntu
Squid vulnerabilities
vendor_ubuntu·2021-06-03·CVSS 7.5
CVE-2021-28651 [HIGH] Squid vulnerabilities
Title: Squid vulnerabilities
Summary: Several security issues were fixed in Squid.
Joshua Rogers discovered that Squid incorrectly handled requests with the
urn: scheme. A remote attacker could possibly use this issue to cause
Squid to consume resources, leading to a denial of service.
(CVE-2021-28651)
Joshua Rogers discovered that Squid incorrectly handled requests to the
Cache Manager API. A remote attacker with access privileges could possibly
use this issue to cause Squid to consume resources, leading to a denial of
service. This issue was only addressed in Ubuntu 20.04 LTS, Ubuntu 20.10,
and Ubuntu 21.04. (CVE-2021-28652)
Joshua Rogers discovered that Squid incorrectly handled certain response
headers. A remote attacker could possibly use this issue to cause Squid to
crash, result
Red Hat
squid: denial of service in HTTP response processing
vendor_redhat·2021-05-10·CVSS 6.5
CVE-2021-33620 [MEDIUM] CWE-20 squid: denial of service in HTTP response processing
squid: denial of service in HTTP response processing
Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.
An input validation flaw was found in Squid. This issue could allow a remote server to perform a denial of service against all clients using the proxy when delivering HTTP response messages. The highest threat from this vulnerability is to system availability.
Statement: This issue has been rated as having a security impact of Moderate. At this stage in their life, Red Hat Enterprise Linux 6 and 7 only accept Important and Critical Security Advisories (RHSAs) and this
Debian
CVE-2021-33620: squid - Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial o...
vendor_debian·2021·CVSS 6.5
CVE-2021-33620 [MEDIUM] CVE-2021-33620: squid - Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial o...
Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.
Scope: local
bookworm: resolved (fixed in 4.13-10)
bullseye: resolved (fixed in 4.13-10)
forky: resolved (fixed in 4.13-10)
sid: resolved (fixed in 4.13-10)
trixie: resolved (fixed in 4.13-10)
GHSA
GHSA-56g5-gjqr-cc85: Squid before 4
ghsa_unreviewed·2022-05-24
CVE-2021-33620 [MEDIUM] CWE-20 GHSA-56g5-gjqr-cc85: Squid before 4
Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.
OSV
squid, squid3 vulnerabilities
osv·2021-06-03·CVSS 7.5
CVE-2021-28651 [HIGH] squid, squid3 vulnerabilities
squid, squid3 vulnerabilities
Joshua Rogers discovered that Squid incorrectly handled requests with the
urn: scheme. A remote attacker could possibly use this issue to cause
Squid to consume resources, leading to a denial of service.
(CVE-2021-28651)
Joshua Rogers discovered that Squid incorrectly handled requests to the
Cache Manager API. A remote attacker with access privileges could possibly
use this issue to cause Squid to consume resources, leading to a denial of
service. This issue was only addressed in Ubuntu 20.04 LTS, Ubuntu 20.10,
and Ubuntu 21.04. (CVE-2021-28652)
Joshua Rogers discovered that Squid incorrectly handled certain response
headers. A remote attacker could possibly use this issue to cause Squid to
crash, resulting in a denial of service. This issue was only affect
OSV
CVE-2021-33620: Squid before 4
osv·2021-05-28·CVSS 6.5
CVE-2021-33620 [MEDIUM] CVE-2021-33620: Squid before 4
Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- http://seclists.org/fulldisclosure/2023/Oct/14
- http://www.openwall.com/lists/oss-security/2023/10/11/3
- http://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c.patch
- http://www.squid-cache.org/Versions/v5/changesets/squid-5-8af775ed98bfd610f9ce762fe177e01b2675588c.patch
- https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f
- https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/