{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-46784", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-04T05:17:42.311Z", "dateReserved": "2022-04-21T00:00:00", "datePublished": "2022-07-17T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-21T23:06:16.659186"}, "descriptions": [{"lang": "en", "value": "In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/squid-cache/squid/commit/5e2ea2b13bd98f53e29964ca26bb0d602a8a12b9"}, {"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2021_7.patch"}, {"url": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2021_7.patch"}, {"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2021-46784"}, {"url": "https://security.netapp.com/advisory/ntap-20221223-0007/"}, {"name": "[oss-security] 20231013 Re: Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2023/10/13/1"}, {"name": "[oss-security] 20231013 Re: Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2023/10/13/10"}, {"name": "[oss-security] 20231021 Re: Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2023/10/21/1"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:17:42.311Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/squid-cache/squid/commit/5e2ea2b13bd98f53e29964ca26bb0d602a8a12b9", "tags": ["x_transferred"]}, {"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2021_7.patch", "tags": ["x_transferred"]}, {"url": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2021_7.patch", "tags": ["x_transferred"]}, {"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w", "tags": ["x_transferred"]}, {"url": "https://security-tracker.debian.org/tracker/CVE-2021-46784", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20221223-0007/", "tags": ["x_transferred"]}, {"name": "[oss-security] 20231013 Re: Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2023/10/13/1"}, {"name": "[oss-security] 20231013 Re: Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2023/10/13/10"}, {"name": "[oss-security] 20231021 Re: Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2023/10/21/1"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC9F2659-B37B-4E7B-AE40-B91BF3CE4E88", "versionEndIncluding": "3.5.28", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD4A9EF2-CA36-4C09-8A67-6AE01B16E04E", "versionEndIncluding": "4.17", "versionStartIncluding": "4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", "matchCriteriaId": "56C44696-C2E8-42DC-877F-B97943F8DD87", "versionEndExcluding": "5.6", "versionStartIncluding": "5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses."}, {"lang": "es", "value": "En Squid versiones 3.x hasta 3.5.28, versiones 4.x hasta 4.17 y versiones 5.x anteriores a 5.6, debido a una administraci\u00f3n inapropiada del b\u00fafer, puede producirse una denegaci\u00f3n de servicio cuando son procesadas respuestas largas del servidor Gopher"}], "id": "CVE-2021-46784", "lastModified": "2023-10-22T00:15:08.640", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-17T22:15:08.737", "references": [{"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2023/10/13/1"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2023/10/13/10"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2023/10/21/1"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2021_7.patch"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2021_7.patch"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/squid-cache/squid/commit/5e2ea2b13bd98f53e29964ca26bb0d602a8a12b9"}, {"source": "cve@mitre.org", "tags": ["Mitigation", "Patch", "Third Party Advisory"], "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2021-46784"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20221223-0007/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-617"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:5542", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "squid-7:3.5.20-17.el7_9.7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-07-11T00:00:00Z"}, {"advisory": "RHSA-2022:5526", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "squid:4-8060020220628135610.ad008a3a", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-07-07T00:00:00Z"}, {"advisory": "RHSA-2022:5530", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "squid:4-8010020220628152104.c27ad7f8", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2022-07-07T00:00:00Z"}, {"advisory": "RHSA-2022:5529", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "squid:4-8020020220628150849.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-07-07T00:00:00Z"}, {"advisory": "RHSA-2022:5528", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "squid:4-8040020220628150130.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2022-07-07T00:00:00Z"}, {"advisory": "RHSA-2022:5527", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "squid-7:5.2-1.el9_0.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-07-07T00:00:00Z"}], "bugzilla": {"description": "squid: DoS when processing gopher server responses", "id": "2100721", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100721"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-617", "details": ["In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.", "A vulnerability was found in squid (Web proxy cache server). This issue occurs due to improper buffer management while processing Gopher server responses. This flaw leads to a remote denial of service or a crash if it receives specially crafted network traffic, either by mistake or a malicious actor."], "name": "CVE-2021-46784", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "squid", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "squid34", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2022-06-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-46784\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46784\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w"], "threat_severity": "Important", "upstream_fix": "squid 5.6"}