Denial of Service : Squid 1.0 < 4.14, 5.0 < 5.0.5 DoS Vulnerability (GHSA-m47m-9hvw-7447, SQUID-2021:3)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.146028

Kategorie: Denial of Service

Titel: Squid 1.0 < 4.14, 5.0 < 5.0.5 DoS Vulnerability (GHSA-m47m-9hvw-7447, SQUID-2021:3)

Zusammenfassung: Squid is prone to a denial of service (DoS) vulnerability in; the Cache Manager.

Beschreibung: Summary:
Squid is prone to a denial of service (DoS) vulnerability in
the Cache Manager.

Vulnerability Insight:
Due to an incorrect parser validation bug Squid is vulnerable to
a DoS attack against the Cache Manager API.

This problem allows a trusted client to trigger memory leaks which over time lead to a DoS against
Squid and the machine it is operating on.

This attack is limited to clients with Cache Manager API access privilege.

This flaw was part of the 'Squid Caching Proxy Security Audit: 55 vulnerabilities and 35 0days'
publication in October 2023 and filed as 'Memory Leak in CacheManager URI Parsing'.

Affected Software/OS:
Squid version 1.0 through 4.14 and 5.0 through 5.0.5.

Solution:
Update to version 4.15, 5.0.6 or later. See the referenced vendor
advisory for a workaround.

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2021-28652
Debian Security Information: DSA-4924 (Google Search)
https://www.debian.org/security/2021/dsa-4924
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/
http://seclists.org/fulldisclosure/2023/Oct/14
https://bugs.squid-cache.org/show_bug.cgi?id=5106
https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447
https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html
http://www.openwall.com/lists/oss-security/2023/10/11/3

Copyright Copyright (C) 2021 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.146028
Kategorie:	Denial of Service
Titel:	Squid 1.0 < 4.14, 5.0 < 5.0.5 DoS Vulnerability (GHSA-m47m-9hvw-7447, SQUID-2021:3)
Zusammenfassung:	Squid is prone to a denial of service (DoS) vulnerability in; the Cache Manager.
Beschreibung:	Summary: Squid is prone to a denial of service (DoS) vulnerability in the Cache Manager. Vulnerability Insight: Due to an incorrect parser validation bug Squid is vulnerable to a DoS attack against the Cache Manager API. This problem allows a trusted client to trigger memory leaks which over time lead to a DoS against Squid and the machine it is operating on. This attack is limited to clients with Cache Manager API access privilege. This flaw was part of the 'Squid Caching Proxy Security Audit: 55 vulnerabilities and 35 0days' publication in October 2023 and filed as 'Memory Leak in CacheManager URI Parsing'. Affected Software/OS: Squid version 1.0 through 4.14 and 5.0 through 5.0.5. Solution: Update to version 4.15, 5.0.6 or later. See the referenced vendor advisory for a workaround. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2021-28652 Debian Security Information: DSA-4924 (Google Search) https://www.debian.org/security/2021/dsa-4924 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/ http://seclists.org/fulldisclosure/2023/Oct/14 https://bugs.squid-cache.org/show_bug.cgi?id=5106 https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447 https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html http://www.openwall.com/lists/oss-security/2023/10/11/3
Copyright	Copyright (C) 2021 Greenbone AG