What is CVE-2021-31806?

CVE-2021-31806 is a vulnerability in N/a. Published 2021-05-27.

Is CVE-2021-31806 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-31806

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.

EPSS: 0.852 (99.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf
www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d…
DSA-4924 (vendor-advisory)
FEDORA-2021-c0bec55ec7 (vendor-advisory)
FEDORA-2021-24af72ff2c (vendor-advisory)
[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update (mailing-list)
security.netapp.com/advisory/ntap-20210716-0007/
[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days. (mailing-list)
20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days. (mailing-list)

Frequently asked questions

What is CVE-2021-31806?: CVE-2021-31806 is a vulnerability in N/a. Published 2021-05-27.
Is CVE-2021-31806 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.