What is CVE-2021-28662?

CVE-2021-28662 is a vulnerability in N/a. Published 2021-05-27.

Is CVE-2021-28662 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-28662

An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic.

EPSS: 0.719 (99.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

MegaManSec/Squid-Security-Audit

References

github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h
github.com/squid-cache/squid/commit/051824924c709bd6162a378f746fb859454c674e
www.squid-cache.org/Versions/v6/changesets/squid-6-051824924c709bd6162a378f746f…
DSA-4924 (vendor-advisory)
FEDORA-2021-c0bec55ec7 (vendor-advisory)
FEDORA-2021-24af72ff2c (vendor-advisory)
[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days. (mailing-list)
20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days. (mailing-list)

Frequently asked questions

What is CVE-2021-28662?: CVE-2021-28662 is a vulnerability in N/a. Published 2021-05-27.
Is CVE-2021-28662 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.