CVE-2021-28662

Summary

CVE	CVE-2021-28662
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-05-27 12:15:00 UTC
Updated	2023-11-07 03:32:00 UTC
Description	An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic.

Risk And Classification

Problem Types: CWE-116

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Fedoraproject	Fedora	33	All	All	All
Operating System	Fedoraproject	Fedora	34	All	All	All
Application	Squid-cache	Squid	All	All	All	All

References

Reference	Source	Link	Tags
SQUID-2021:2 Denial of Service in HTTP Response Processing · Advisory · squid-cache/squid · GitHub	MISC	github.com
[SECURITY] Fedora 33 Update: squid-4.15-1.fc33 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
Merge pull request from GHSA-jjq6-mh2h-g39h · squid-cache/squid@0518249 · GitHub	MISC	github.com
[SECURITY] Fedora 33 Update: squid-4.15-1.fc33 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
Debian -- Security Information -- DSA-4924-1 squid	DEBIAN	www.debian.org
20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.	FULLDISC	seclists.org
[SECURITY] Fedora 34 Update: squid-5.0.6-1.fc34 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 34 Update: squid-5.0.6-1.fc34 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
www.squid-cache.org/Versions/v6/changesets/squid-6-051824924c709bd6162a378f746fb8...	MISC	www.squid-cache.org
oss-security - Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.	MLIST	www.openwall.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159483 Oracle Enterprise Linux Security Update for squid:4 (ELSA-2021-4292)
178623 Debian Security Update for squid (DSA 4924-1)
178639 Debian Security Update for squid (DSA 4924-1)
179660 Debian Security Update for squid (CVE-2021-28662)
198400 Ubuntu Security Notification for Squid vulnerabilities (USN-4981-1)
239815 Red Hat Update for squid:4 security (RHSA-2021:4292)
281619 Fedora Security Update for squid (FEDORA-2021-c0bec55ec7)
281620 Fedora Security Update for squid (FEDORA-2021-24af72ff2c)
296065 Oracle Solaris 11.4 Support Repository Update (SRU) 39.107.1 Missing (CPUOCT2021)
356184 Amazon Linux Security Advisory for squid : ALASSQUID4-2023-004
375570 Squid Multiple Denial Of Service Vulnerability (SQUID-2021:1,SQUID-2021:2,SQUID-2021:3,SQUID-2021:4,SQUID-2021:5)
500661 Alpine Linux Security Update for squid
500786 Alpine Linux Security Update for squid
501497 Alpine Linux Security Update for squid
502032 Alpine Linux Security Update for squid
504433 Alpine Linux Security Update for squid
670559 EulerOS Security Update for squid (EulerOS-SA-2021-2317)
670761 EulerOS Security Update for squid (EulerOS-SA-2021-2519)
710101 Gentoo Linux Squid Multiple vulnerabilities (GLSA 202105-14)
750098 SUSE Enterprise Linux Security Update for squid (SUSE-SU-2021:1838-1)
750160 SUSE Enterprise Linux Security Update for squid (SUSE-SU-2021:1961-1)
750641 OpenSUSE Security Update for squid (openSUSE-SU-2021:0879-1)
750782 OpenSUSE Security Update for squid (openSUSE-SU-2021:1961-1)
940500 AlmaLinux Security Update for squid:4 (ALSA-2021:4292)
960193 Rocky Linux Security Update for squid:4 (RLSA-2021:4292)