Test ID:	1.3.6.1.4.1.25623.1.0.146026
Category:	Denial of Service
Title:	Squid < 4.15, 5.0.x < 5.0.6 DoS Vulnerability (GHSA-572g-rvwr-6c7f, SQUID-2021:5)
Summary:	Squid is prone to a denial of service (DoS) vulnerability.
Description:	Summary: Squid is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: Due to an input validation bug Squid is vulnerable to a DoS against all clients using the proxy. This problem allows a remote server to perform a DoS when delivering HTTP Response messages. The issue trigger is a header which can be expected to exist in HTTP traffic without any malicious intent by the server. This flaw was part of the 'Squid Caching Proxy Security Audit: 55 vulnerabilities and 35 0days' publication in October 2023 and filed as 'Crash in Content-Range Response Header Logic'. Affected Software/OS: Squid versions prior to 4.15 and 5.0.0 through 5.0.5. Solution: Update to version 4.15, 5.0.6 or later. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-33620 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/ http://seclists.org/fulldisclosure/2023/Oct/14 http://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c.patch http://www.squid-cache.org/Versions/v5/changesets/squid-5-8af775ed98bfd610f9ce762fe177e01b2675588c.patch https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html http://www.openwall.com/lists/oss-security/2023/10/11/3
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.