CVE-2021-31807

CVE-2021-31807

Name

CVE-2021-31807

Description

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
MISC	http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/
MLIST	https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html
Third Party Advisory	https://security.netapp.com/advisory/ntap-20210716-0007/

Type

URI

MISC

https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf

MISC

http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/

MLIST

https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html

Third Party Advisory

https://security.netapp.com/advisory/ntap-20210716-0007/

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:squid-cache:squid:2.5.stable2:::::::*`	squid	== None	== 2.5.stable2
`cpe:2.3:a:squid-cache:squid:2.5.stable3:::::::*`	squid	== None	== 2.5.stable3
`cpe:2.3:a:squid-cache:squid:2.5.stable4:::::::*`	squid	== None	== 2.5.stable4
`cpe:2.3:a:squid-cache:squid:2.5.stable5:::::::*`	squid	== None	== 2.5.stable5
`cpe:2.3:a:squid-cache:squid:2.5.stable6:::::::*`	squid	== None	== 2.5.stable6
`cpe:2.3:a:squid-cache:squid:2.5.stable7:::::::*`	squid	== None	== 2.5.stable7
`cpe:2.3:a:squid-cache:squid:2.5.stable8:::::::*`	squid	== None	== 2.5.stable8
`cpe:2.3:a:squid-cache:squid:2.5.stable9:::::::*`	squid	== None	== 2.5.stable9
`cpe:2.3:a:squid-cache:squid:2.5.stable10:::::::*`	squid	== None	== 2.5.stable10
`cpe:2.3:a:squid-cache:squid:2.5.stable11:::::::*`	squid	== None	== 2.5.stable11
`cpe:2.3:a:squid-cache:squid:2.5.stable12:::::::*`	squid	== None	== 2.5.stable12
`cpe:2.3:a:squid-cache:squid:2.5.stable13:::::::*`	squid	== None	== 2.5.stable13
`cpe:2.3:a:squid-cache:squid:2.6:::::::*`	squid	== None	== 2.6
`cpe:2.3:a:squid-cache:squid:2.7:stable3::::::`	squid	== None	== 2.7
`cpe:2.3:a:squid-cache:squid:2.5.stable14:::::::*`	squid	== None	== 2.5.stable14
`cpe:2.3:a:squid-cache:squid::::::::`	squid	>= 5.0	< 5.0.6
`cpe:2.3:a:squid-cache:squid::::::::`	squid	>= 3.0	< 4.15

CPE URI

Source package

Min version

Max version

cpe:2.3:a:squid-cache:squid:2.5.stable2:*:*:*:*:*:*:*

squid

== None

== 2.5.stable2

cpe:2.3:a:squid-cache:squid:2.5.stable3:*:*:*:*:*:*:*

squid

== None

== 2.5.stable3

cpe:2.3:a:squid-cache:squid:2.5.stable4:*:*:*:*:*:*:*

squid

== None

== 2.5.stable4

cpe:2.3:a:squid-cache:squid:2.5.stable5:*:*:*:*:*:*:*

squid

== None

== 2.5.stable5

cpe:2.3:a:squid-cache:squid:2.5.stable6:*:*:*:*:*:*:*

squid

== None

== 2.5.stable6

cpe:2.3:a:squid-cache:squid:2.5.stable7:*:*:*:*:*:*:*

squid

== None

== 2.5.stable7

cpe:2.3:a:squid-cache:squid:2.5.stable8:*:*:*:*:*:*:*

squid

== None

== 2.5.stable8

cpe:2.3:a:squid-cache:squid:2.5.stable9:*:*:*:*:*:*:*

squid

== None

== 2.5.stable9

cpe:2.3:a:squid-cache:squid:2.5.stable10:*:*:*:*:*:*:*

squid

== None

== 2.5.stable10

cpe:2.3:a:squid-cache:squid:2.5.stable11:*:*:*:*:*:*:*

squid

== None

== 2.5.stable11

cpe:2.3:a:squid-cache:squid:2.5.stable12:*:*:*:*:*:*:*

squid

== None

== 2.5.stable12

cpe:2.3:a:squid-cache:squid:2.5.stable13:*:*:*:*:*:*:*

squid

== None

== 2.5.stable13

cpe:2.3:a:squid-cache:squid:2.6:*:*:*:*:*:*:*

squid

== None

== 2.6

cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*

squid

== None

== 2.7

cpe:2.3:a:squid-cache:squid:2.5.stable14:*:*:*:*:*:*:*

squid

== None

== 2.5.stable14

cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*

squid

>= 5.0

< 5.0.6

cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*

squid

>= 3.0

< 4.15

Source package	Branch	Version	Maintainer	Status
squid	3.10-main	4.15-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status

squid

3.10-main

4.15-r0

Natanael Copa <ncopa@alpinelinux.org>

fixed

References

Match rules

Vulnerable and fixed packages