Denial of Service in Squid Proxy Server Versions 3.x to 5.x
CVE-2021-46784

6.5MEDIUM

Key Information:

Vendor: Squid-cache
Status: Squid
Vendor: CVE Published:; 17 July 2022

🔔 Create Squid-cache Vulnerability Alert

What is CVE-2021-46784?

Inversions 3.x to 3.5.28, 4.x to 4.17, and 5.x before 5.6 of the Squid Proxy Server are susceptible to a Denial of Service attack. This vulnerability arises from improper handling and management of buffers when processing extensive Gopher server responses, potentially leading to service interruptions.

References

https://github.com/squid-cache/squid/commit/5e2ea2b13bd98...

http://www.squid-cache.org/Versions/v4/changesets/SQUID-2...

http://www.squid-cache.org/Versions/v5/changesets/SQUID-2...

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 17, 2022
Vulnerability Reserved
Apr 21, 2022