CVE-2021-28116
Description
Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
7.036
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Web proxy cache server (USN-5104-1) squid_4.10-1ubuntu1.7_amd64.deb | Linux |
| Web proxy cache server (USN-5104-1) squid_4.13-1ubuntu4.2_amd64.deb | Linux |
| Web proxy cache server (USN-5104-1) squid_3.5.27-1ubuntu1.14_i386.deb | Linux |
| Web proxy cache server (USN-5104-1) squid_3.5.27-1ubuntu1.14_amd64.deb | Linux |
| SUSE-SU-2021:3334-1 (SUSE Linux Enterprise Server 12-SP5) squid-4.17-4.21.1.x86_64.rpm | Linux |
| SUSE-SU-2021:3334-1 (SUSE Linux Enterprise Server 12-SP5) squid-debuginfo-4.17-4.21.1.x86_64.rpm | Linux |
| SUSE-SU-2021:3334-1 (SUSE Linux Enterprise Server 12-SP5) squid-debugsource-4.17-4.21.1.x86_64.rpm | Linux |
| (RHSA-2022:1939) squid:4 security and bug fix update squid-4.15-3.module+el8.6.0+14176+9782b8ab.x86_64.rpm | Linux |
| (RHSA-2022:1939) squid:4 security and bug fix update squid-debugsource-4.15-3.module+el8.6.0+14176+9782b8ab.x86_64.rpm | Linux |
| squid security update (DSA-5171-1) squid_4.6-1+deb10u7_i386.deb | Linux |
| squid security update (DSA-5171-1) squid_4.6-1+deb10u7_amd64.deb | Linux |
| squid security update (DSA-5171-1) squid_4.13-10+deb11u1_amd64.deb | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234