Denial of Service Vulnerability in Squid Proxy Server by Squid Software
CVE-2021-28651

7.5HIGH

Key Information:

Vendor: Squid-cache
Status: Squid
Vendor: CVE Published:; 27 May 2021

🔔 Create Squid-cache Vulnerability Alert

What is CVE-2021-28651?

A vulnerability has been identified in Squid Proxy Server that can lead to a denial of service due to a buffer-management issue. When processing requests that use the 'urn:' scheme, an incorrect memory handling approach allows for a minor memory leak. Even more concerning, there is an unreported method of attack that can trigger significant memory consumption, potentially impacting the server's performance and availability.

References

https://bugs.squid-cache.org/show_bug.cgi?id=5104

https://github.com/squid-cache/squid/security/advisories/...

https://www.debian.org/security/2021/dsa-4924

vendor-advisory

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2021
Vulnerability Reserved
Mar 17, 2021