Denial of Service : Squid 2.5.STABLE2 < 4.15, 5.0.1 < 5.0.6 Multiple DoS Vulnerabilities (GHSA-pxwq-f3qr-w2xf, SQUID-2021:4)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.146027

Categoría: Denial of Service

Título: Squid 2.5.STABLE2 < 4.15, 5.0.1 < 5.0.6 Multiple DoS Vulnerabilities (GHSA-pxwq-f3qr-w2xf, SQUID-2021:4)

Resumen: Squid is prone to multiple denial of service (DoS) vulnerabilities.

Descripción: Summary:
Squid is prone to multiple denial of service (DoS) vulnerabilities.

Vulnerability Insight:
The following vulnerabilities exist:

- CVE-2021-31806: Due to an incorrect input validation bug Squid is vulnerable to a DoS attack
against all clients using the proxy.

- CVE-2021-31807: Due to an incorrect memory management bug Squid is vulnerable to a DoS attack
against all clients using the proxy.

- CVE-2021-31808: Due to an integer overflow bug Squid is vulnerable to a DoS attack against all
clients using the proxy.

These flaws were part of the 'Squid Caching Proxy Security Audit: 55 vulnerabilities and 35 0days'
publication in October 2023 and filed as 'Partial Content Parsing Use-After-Free', 'Integer
Overflow in Range Header' and 'Unsatisfiable Range Requests Assertion'.

Affected Software/OS:
Squid version 2.5.STABLE2 through 2.7.STABLE9, 3.0 through 4.14
and 5.0.1 through 5.0.5.

Solution:
Update to version 4.15, 5.0.6 or later.

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2021-31806
Debian Security Information: DSA-4924 (Google Search)
https://www.debian.org/security/2021/dsa-4924
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/
http://seclists.org/fulldisclosure/2023/Oct/14
http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch
https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html
http://www.openwall.com/lists/oss-security/2023/10/11/3
Common Vulnerability Exposure (CVE) ID: CVE-2021-31807
Common Vulnerability Exposure (CVE) ID: CVE-2021-31808

Copyright Copyright (C) 2021 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.146027
Categoría:	Denial of Service
Título:	Squid 2.5.STABLE2 < 4.15, 5.0.1 < 5.0.6 Multiple DoS Vulnerabilities (GHSA-pxwq-f3qr-w2xf, SQUID-2021:4)
Resumen:	Squid is prone to multiple denial of service (DoS) vulnerabilities.
Descripción:	Summary: Squid is prone to multiple denial of service (DoS) vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - CVE-2021-31806: Due to an incorrect input validation bug Squid is vulnerable to a DoS attack against all clients using the proxy. - CVE-2021-31807: Due to an incorrect memory management bug Squid is vulnerable to a DoS attack against all clients using the proxy. - CVE-2021-31808: Due to an integer overflow bug Squid is vulnerable to a DoS attack against all clients using the proxy. These flaws were part of the 'Squid Caching Proxy Security Audit: 55 vulnerabilities and 35 0days' publication in October 2023 and filed as 'Partial Content Parsing Use-After-Free', 'Integer Overflow in Range Header' and 'Unsatisfiable Range Requests Assertion'. Affected Software/OS: Squid version 2.5.STABLE2 through 2.7.STABLE9, 3.0 through 4.14 and 5.0.1 through 5.0.5. Solution: Update to version 4.15, 5.0.6 or later. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-31806 Debian Security Information: DSA-4924 (Google Search) https://www.debian.org/security/2021/dsa-4924 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/ http://seclists.org/fulldisclosure/2023/Oct/14 http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html http://www.openwall.com/lists/oss-security/2023/10/11/3 Common Vulnerability Exposure (CVE) ID: CVE-2021-31807 Common Vulnerability Exposure (CVE) ID: CVE-2021-31808
Copyright	Copyright (C) 2021 Greenbone AG