CVE-2021-28116

Severity CVSS v4.0:
Pending analysis
Type:
CWE-125 Out-of-bounds Read
Publication date:
09/03/2021
Last modified:
07/11/2023

Description

Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:* 4.14 (including)
cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:* 5.0 (including) 5.0.5 (including)
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*