CVE-2021-33620

moderate-risk

Published 2021-05-28

Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.

Do I need to act?

9.6% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (4)

Squid

Fedora

Debian Linux

Affected Vendors

Debian Squid-Cache Fedoraproject

References (16)

Mailing List http://seclists.org/fulldisclosure/2023/Oct/14

Mailing List http://www.openwall.com/lists/oss-security/2023/10/11/3

Mailing List http://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3a...

Mailing List http://www.squid-cache.org/Versions/v5/changesets/squid-5-8af775ed98bfd610f9ce76...

Patch https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f

Mailing List https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Mailing List http://seclists.org/fulldisclosure/2023/Oct/14

Mailing List http://www.openwall.com/lists/oss-security/2023/10/11/3

Mailing List http://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3a...

Mailing List http://www.squid-cache.org/Versions/v5/changesets/squid-5-8af775ed98bfd610f9ce76...

Patch https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f

Mailing List https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 11/34 · Low

Exposure 10/34 · Low