Denial of Service : Squid 1.0 < 4.14, 5.0 < 5.0.5 DoS Vulnerability (GHSA-m47m-9hvw-7447, SQUID-2021:3)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.146028

Categoría: Denial of Service

Título: Squid 1.0 < 4.14, 5.0 < 5.0.5 DoS Vulnerability (GHSA-m47m-9hvw-7447, SQUID-2021:3)

Resumen: Squid is prone to a denial of service (DoS) vulnerability in; the Cache Manager.

Descripción: Summary:
Squid is prone to a denial of service (DoS) vulnerability in
the Cache Manager.

Vulnerability Insight:
Due to an incorrect parser validation bug Squid is vulnerable to
a DoS attack against the Cache Manager API.

This problem allows a trusted client to trigger memory leaks which over time lead to a DoS against
Squid and the machine it is operating on.

This attack is limited to clients with Cache Manager API access privilege.

This flaw was part of the 'Squid Caching Proxy Security Audit: 55 vulnerabilities and 35 0days'
publication in October 2023 and filed as 'Memory Leak in CacheManager URI Parsing'.

Affected Software/OS:
Squid version 1.0 through 4.14 and 5.0 through 5.0.5.

Solution:
Update to version 4.15, 5.0.6 or later. See the referenced vendor
advisory for a workaround.

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2021-28652
Debian Security Information: DSA-4924 (Google Search)
https://www.debian.org/security/2021/dsa-4924
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/
http://seclists.org/fulldisclosure/2023/Oct/14
https://bugs.squid-cache.org/show_bug.cgi?id=5106
https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447
https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html
http://www.openwall.com/lists/oss-security/2023/10/11/3

Copyright Copyright (C) 2021 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.146028
Categoría:	Denial of Service
Título:	Squid 1.0 < 4.14, 5.0 < 5.0.5 DoS Vulnerability (GHSA-m47m-9hvw-7447, SQUID-2021:3)
Resumen:	Squid is prone to a denial of service (DoS) vulnerability in; the Cache Manager.
Descripción:	Summary: Squid is prone to a denial of service (DoS) vulnerability in the Cache Manager. Vulnerability Insight: Due to an incorrect parser validation bug Squid is vulnerable to a DoS attack against the Cache Manager API. This problem allows a trusted client to trigger memory leaks which over time lead to a DoS against Squid and the machine it is operating on. This attack is limited to clients with Cache Manager API access privilege. This flaw was part of the 'Squid Caching Proxy Security Audit: 55 vulnerabilities and 35 0days' publication in October 2023 and filed as 'Memory Leak in CacheManager URI Parsing'. Affected Software/OS: Squid version 1.0 through 4.14 and 5.0 through 5.0.5. Solution: Update to version 4.15, 5.0.6 or later. See the referenced vendor advisory for a workaround. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-28652 Debian Security Information: DSA-4924 (Google Search) https://www.debian.org/security/2021/dsa-4924 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/ http://seclists.org/fulldisclosure/2023/Oct/14 https://bugs.squid-cache.org/show_bug.cgi?id=5106 https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447 https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html http://www.openwall.com/lists/oss-security/2023/10/11/3
Copyright	Copyright (C) 2021 Greenbone AG