vulnerability
Oracle Linux: CVE-2021-31807: ELSA-2021-4292: squid:4 security, bug fix, and enhancement update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:N/I:N/A:C) | 2021-05-10 | 2021-09-25 | 2025-01-07 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:N/I:N/A:C)
Published
2021-05-10
Added
2021-09-25
Modified
2025-01-07
Description
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.
An incorrect memory management flaw was found in Squid, where it is vulnerable to a denial of service attack against all clients using the proxy. The highest threat from this vulnerability is to system availability.
An incorrect memory management flaw was found in Squid, where it is vulnerable to a denial of service attack against all clients using the proxy. The highest threat from this vulnerability is to system availability.
Solution(s)
oracle-linux-upgrade-libecaporacle-linux-upgrade-libecap-develoracle-linux-upgrade-squidoracle-linux-upgrade-squid-migration-scriptoracle-linux-upgrade-squid-sysvinit
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.