CVE-2021-31807

Name
CVE-2021-31807
Description
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.
NVD Severity
medium

References

| Type | URI |
| --- | --- |
| MISC | https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf |
| MISC | http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch |
| FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/ |
| FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/ |
| MLIST | https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html |
| Third Party Advisory | https://security.netapp.com/advisory/ntap-20210716-0007/ |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| `cpe:2.3:a:squid-cache:squid:2.5.stable2:*:*:*:*:*:*:*` | squid | == None | == 2.5.stable2 |
| `cpe:2.3:a:squid-cache:squid:2.5.stable3:*:*:*:*:*:*:*` | squid | == None | == 2.5.stable3 |
| `cpe:2.3:a:squid-cache:squid:2.5.stable4:*:*:*:*:*:*:*` | squid | == None | == 2.5.stable4 |
| `cpe:2.3:a:squid-cache:squid:2.5.stable5:*:*:*:*:*:*:*` | squid | == None | == 2.5.stable5 |
| `cpe:2.3:a:squid-cache:squid:2.5.stable6:*:*:*:*:*:*:*` | squid | == None | == 2.5.stable6 |
| `cpe:2.3:a:squid-cache:squid:2.5.stable7:*:*:*:*:*:*:*` | squid | == None | == 2.5.stable7 |
| `cpe:2.3:a:squid-cache:squid:2.5.stable8:*:*:*:*:*:*:*` | squid | == None | == 2.5.stable8 |
| `cpe:2.3:a:squid-cache:squid:2.5.stable9:*:*:*:*:*:*:*` | squid | == None | == 2.5.stable9 |
| `cpe:2.3:a:squid-cache:squid:2.5.stable10:*:*:*:*:*:*:*` | squid | == None | == 2.5.stable10 |
| `cpe:2.3:a:squid-cache:squid:2.5.stable11:*:*:*:*:*:*:*` | squid | == None | == 2.5.stable11 |
| `cpe:2.3:a:squid-cache:squid:2.5.stable12:*:*:*:*:*:*:*` | squid | == None | == 2.5.stable12 |
| `cpe:2.3:a:squid-cache:squid:2.5.stable13:*:*:*:*:*:*:*` | squid | == None | == 2.5.stable13 |
| `cpe:2.3:a:squid-cache:squid:2.6:*:*:*:*:*:*:*` | squid | == None | == 2.6 |
| `cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*` | squid | == None | == 2.7 |
| `cpe:2.3:a:squid-cache:squid:2.5.stable14:*:*:*:*:*:*:*` | squid | == None | == 2.5.stable14 |
| `cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*` | squid | >= 5.0 | < 5.0.6 |
| `cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*` | squid | >= 3.0 | < 4.15 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| squid | 3.10-main | 4.15-r0 | Natanael Copa <ncopa@alpinelinux.org> | fixed |