CVE-2021-41611
Published: 2021-10-18
Priority: P3 45 · High · CVSS 3.1: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 2.85% (85.0th percentile)
An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services.
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | squid | < squid 5.2-1 (bookworm) | squid 5.2-1 (bookworm) |
| fedoraproject | fedora | — | — |
| squid-cache | squid | >= 5.0.6 < 5.2 | 5.2 |
| squid | squid | >= 0 < 5.2-1 | 5.2-1 |
| squid | squid | >= 0 < 5.2-1 | 5.2-1 |
| squid | squid | >= 0 < 5.2-1 | 5.2-1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |
Red Hat
squid: improper certificate validation
vendor_redhat · 2021-09-07 · CVSS 7.5 · HIGH · CWE-295
The squid proxy package may incorrectly classify certain certificates as trusted. This can allow traffic to obtain security trust when the trust is not valid. The highest threat from this vulnerability is to confidentiality and integrity.
Mitigation: The only mitigation is complete denial to TLS and HTTPS servers publishing affected certificate chains. The set of affected servers varies ov
Debian
CVE-2021-41611: squid
vendor_debian · 2021 · CVSS 7.5 · HIGH
Scope: local
bookworm: resolved (fixed in 5.2-1)
bullseye: resolved
forky: resolved (fixed in 5.2-1)
sid: resolved (fixed in 5.2-1)
trixie: resolved (fixed in 5.2-1)
OSV
CVE-2021-41611
osv · 2021-10-18 · CVSS 7.5 · HIGH
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- http://www.openwall.com/lists/oss-security/2021/12/23/2
- http://www.squid-cache.org/Versions/v6/changesets/squid-6-43d6b5c81b88ec2256b430c69a872a1e4f324e4a.patch
- https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CWQ2WKDWTSO47S3F6XJJ6HGG2ULWEAE4/
Published: 2021-10-18