CVE-2021-46784

Summary

CVE	CVE-2021-46784
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-07-17 22:15:00 UTC
Updated	2023-10-22 00:15:00 UTC
Description	In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.

Risk And Classification

Problem Types: CWE-617

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	11.0	All	All	All
Operating System	Debian	Debian Linux	12.0	All	All	All
Application	Squid-cache	Squid	All	All	All	All
Application	Squid-cache	Squid	All	All	All	All
Application	Squid-cache	Squid	All	All	All	All

References

Reference	Source	Link	Tags
oss-security - Re: Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.	MLIST	www.openwall.com
CVE-2021-46784 Squid Vulnerability in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
Improve handling of Gopher responses (#1022) · squid-cache/squid@5e2ea2b · GitHub	MISC	github.com
SQUID-2021:7 Denial of Service in Gopher Processing · Advisory · squid-cache/squid · GitHub	CONFIRM	github.com
CVE-2021-46784	MISC	security-tracker.debian.org
Record# %d%s	MISC	www.squid-cache.org
404 Not Found	MISC	www.squid-cache.org
oss-security - Re: Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.	MLIST	www.openwall.com
oss-security - Re: Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.	MLIST	www.openwall.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159972 Oracle Enterprise Linux Security Update for squid (ELSA-2022-5527)
159973 Oracle Enterprise Linux Security Update for squid:4 (ELSA-2022-5526)
159983 Oracle Enterprise Linux Security Update for squid (ELSA-2022-5542)
160402 Oracle Enterprise Linux Security Update for squid (ELSA-2023-16656)
179566 Debian Security Update for squid (DSA 5171-1)
182559 Debian Security Update for squid (CVE-2021-46784)
198840 Ubuntu Security Notification for Squid Vulnerability (USN-5491-1)
240536 Red Hat Update for squid (RHSA-2022:5527)
240537 Red Hat Update for squid:4 (RHSA-2022:5526)
240538 Red Hat Update for squid:4 (RHSA-2022:5529)
240539 Red Hat Update for squid:4 (RHSA-2022:5528)
240540 Red Hat Update for squid (RHSA-2022:5542)
257177 CentOS Security Update for squid (CESA-2022:5542)
282899 Fedora Security Update for squid (FEDORA-2022-0fa51087e7)
282900 Fedora Security Update for squid (FEDORA-2022-d22a045d7a)
354655 Amazon Linux Security Advisory for squid : ALAS2-2023-1907
354715 Amazon Linux Security Advisory for squid : ALAS-2023-1677
355519 Amazon Linux Security Advisory for squid : AL2012-2023-418
356302 Amazon Linux Security Advisory for squid : ALASSQUID4-2023-003
376931 Alibaba Cloud Linux Security Update for squid:4 (ALINUX3-SA-2022:0132)
377004 Alibaba Cloud Linux Security Update for squid (ALINUX2-SA-2022:0031)
672210 EulerOS Security Update for squid (EulerOS-SA-2022-2481)
672235 EulerOS Security Update for squid (EulerOS-SA-2022-2636)
752341 SUSE Enterprise Linux Security Update for squid (SUSE-SU-2022:2367-1)
752348 SUSE Enterprise Linux Security Update for squid (SUSE-SU-2022:2392-1)
752390 SUSE Enterprise Linux Security Update for squid (SUSE-SU-2022:2553-1)
753477 SUSE Enterprise Linux Security Update for squid (SUSE-SU-2022:2359-1)
940590 AlmaLinux Security Update for squid:4 (ALSA-2022:5526)
940623 AlmaLinux Security Update for squid (ALSA-2022:5527)
960432 Rocky Linux Security Update for squid:4 (RLSA-2022:5526)