CVE-2021-41611
Summary
| CVE | CVE-2021-41611 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2021-10-18 09:15:00 UTC |
|---|
| Updated | 2023-11-07 03:38:00 UTC |
|---|
| Description | An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| www.squid-cache.org/Versions/v6/changesets/squid-6-43d6b5c81b88ec2256b430c69a872a... |
MISC |
www.squid-cache.org |
|
| oss-security - CVE-2021-44273: e2guardian did not validate TLS hostnames |
MLIST |
www.openwall.com |
|
| [SECURITY] Fedora 35 Update: squid-5.2-1.fc35 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| SQUID-2021:6 Improper Certificate Validation of TLS server certificates · Advisory · squid-cache/squid · GitHub |
CONFIRM |
github.com |
|
| [SECURITY] Fedora 35 Update: squid-5.2-1.fc35 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 184083 Debian Security Update for squid (CVE-2021-41611)
- 281984 Fedora Security Update for squid (FEDORA-2021-4d2e7691ca)
- 281985 Fedora Security Update for squid (FEDORA-2021-de5e6c60c2)
- 501499 Alpine Linux Security Update for squid
- 502033 Alpine Linux Security Update for squid
- 504434 Alpine Linux Security Update for squid
