vulnerability
Oracle Linux: CVE-2021-28651: ELSA-2021-4292: squid:4 security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | May 10, 2021 | Sep 25, 2021 | Sep 30, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
May 10, 2021
Added
Sep 25, 2021
Modified
Sep 30, 2025
Description
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.
An input validation flaw was found in Squid. This issue could allow a malicious server in collaboration with a trusted client to consume arbitrarily large amounts of memory on the server running Squid. The highest threat from this vulnerability is to system availability.
An input validation flaw was found in Squid. This issue could allow a malicious server in collaboration with a trusted client to consume arbitrarily large amounts of memory on the server running Squid. The highest threat from this vulnerability is to system availability.
Solutions
oracle-linux-upgrade-libecaporacle-linux-upgrade-libecap-develoracle-linux-upgrade-squidoracle-linux-upgrade-squid-migration-scriptoracle-linux-upgrade-squid-sysvinit
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.