CVE-2021-28651

Summary

CVE	CVE-2021-28651
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-05-27 12:15:00 UTC
Updated	2023-11-07 03:32:00 UTC
Description	An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.

Risk And Classification

Problem Types: CWE-401

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Fedoraproject	Fedora	33	All	All	All
Operating System	Fedoraproject	Fedora	34	All	All	All
Application	Netapp	Cloud Manager	-	All	All	All
Application	Squid-cache	Squid	All	All	All	All

References

Reference	Source	Link	Tags
[SECURITY] Fedora 33 Update: squid-4.15-1.fc33 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
June 2021 Squid Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
[SECURITY] Fedora 33 Update: squid-4.15-1.fc33 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
Bug 5104 – Memory leak in RFC 2169 response parsing	MISC	bugs.squid-cache.org
Debian -- Security Information -- DSA-4924-1 squid	DEBIAN	www.debian.org
[SECURITY] [DLA 2685-1] squid3 security update	MLIST	lists.debian.org
SQUID-2021:1 Denial of Service in URN processing · Advisory · squid-cache/squid · GitHub	MISC	github.com
20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.	FULLDISC	seclists.org
[SECURITY] Fedora 34 Update: squid-5.0.6-1.fc34 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 34 Update: squid-5.0.6-1.fc34 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
oss-security - Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.	MLIST	www.openwall.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159409 Oracle Enterprise Linux Security Update for squid (ELSA-2021-9465)
159483 Oracle Enterprise Linux Security Update for squid:4 (ELSA-2021-4292)
178623 Debian Security Update for squid (DSA 4924-1)
178639 Debian Security Update for squid (DSA 4924-1)
178671 Debian Security Update for squid3 (DLA 2685-1)
180053 Debian Security Update for squid (CVE-2021-28651)
198400 Ubuntu Security Notification for Squid vulnerabilities (USN-4981-1)
239815 Red Hat Update for squid:4 security (RHSA-2021:4292)
281619 Fedora Security Update for squid (FEDORA-2021-c0bec55ec7)
281620 Fedora Security Update for squid (FEDORA-2021-24af72ff2c)
296065 Oracle Solaris 11.4 Support Repository Update (SRU) 39.107.1 Missing (CPUOCT2021)
354752 Amazon Linux Security Advisory for squid : ALAS-2023-1687
354783 Amazon Linux Security Advisory for squid : ALAS2-2023-1950
356184 Amazon Linux Security Advisory for squid : ALASSQUID4-2023-004
375570 Squid Multiple Denial Of Service Vulnerability (SQUID-2021:1,SQUID-2021:2,SQUID-2021:3,SQUID-2021:4,SQUID-2021:5)
500661 Alpine Linux Security Update for squid
500786 Alpine Linux Security Update for squid
501497 Alpine Linux Security Update for squid
502032 Alpine Linux Security Update for squid
504433 Alpine Linux Security Update for squid
670559 EulerOS Security Update for squid (EulerOS-SA-2021-2317)
670675 EulerOS Security Update for squid (EulerOS-SA-2021-2433)
670761 EulerOS Security Update for squid (EulerOS-SA-2021-2519)
670916 EulerOS Security Update for squid (EulerOS-SA-2021-2433)
670997 EulerOS Security Update for squid (EulerOS-SA-2021-2618)
710101 Gentoo Linux Squid Multiple vulnerabilities (GLSA 202105-14)
750098 SUSE Enterprise Linux Security Update for squid (SUSE-SU-2021:1838-1)
750160 SUSE Enterprise Linux Security Update for squid (SUSE-SU-2021:1961-1)
750641 OpenSUSE Security Update for squid (openSUSE-SU-2021:0879-1)
750782 OpenSUSE Security Update for squid (openSUSE-SU-2021:1961-1)
752348 SUSE Enterprise Linux Security Update for squid (SUSE-SU-2022:2392-1)
753288 SUSE Enterprise Linux Security Update for squid3 (SUSE-SU-2022:14914-1)
940500 AlmaLinux Security Update for squid:4 (ALSA-2021:4292)
960193 Rocky Linux Security Update for squid:4 (RLSA-2021:4292)