CVE-2021-46784

moderate-risk
Published 2022-07-17

In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.

Do I need to act?

!
16.4% chance of exploitation in next 30 days
EPSS score — higher than 84% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10 Medium
NETWORK / LOW complexity

Affected Products (4)

Affected Vendors

Debian Squid-Cache

References (18)

http://www.openwall.com/lists/oss-security/2023/10/13/1
http://www.openwall.com/lists/oss-security/2023/10/13/10
http://www.openwall.com/lists/oss-security/2023/10/21/1
Broken Link http://www.squid-cache.org/Versions/v4/changesets/SQUID-2021_7.patch
Patch http://www.squid-cache.org/Versions/v5/changesets/SQUID-2021_7.patch
Patch https://github.com/squid-cache/squid/commit/5e2ea2b13bd98f53e29964ca26bb0d602a8a...
Mitigation https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w
Third Party Advisory https://security-tracker.debian.org/tracker/CVE-2021-46784
Third Party Advisory https://security.netapp.com/advisory/ntap-20221223-0007/
http://www.openwall.com/lists/oss-security/2023/10/13/1
http://www.openwall.com/lists/oss-security/2023/10/13/10
http://www.openwall.com/lists/oss-security/2023/10/21/1
Broken Link http://www.squid-cache.org/Versions/v4/changesets/SQUID-2021_7.patch
Patch http://www.squid-cache.org/Versions/v5/changesets/SQUID-2021_7.patch
Patch https://github.com/squid-cache/squid/commit/5e2ea2b13bd98f53e29964ca26bb0d602a8a...
Mitigation https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w
Third Party Advisory https://security-tracker.debian.org/tracker/CVE-2021-46784
Third Party Advisory https://security.netapp.com/advisory/ntap-20221223-0007/
47
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 13/34 · Low
Exposure 10/34 · Low