[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
squid package vulnerable to CVE-2021-28116
From: |
Léo Le Bouter |
Subject: |
squid package vulnerable to CVE-2021-28116 |
Date: |
Wed, 10 Mar 2021 01:22:51 +0100 |
User-agent: |
Evolution 3.34.2 |
CVE-2021-28116 09.03.21 23:15
Squid through 4.14 and 5.x through 5.0.5, in some configurations,
allows information disclosure because of an out-of-bounds read in WCCP
protocol data. This can be leveraged as part of a chain for remote code
execution as nobody.
Upstream did not release a patch yet. CVE entry to be monitored for a
fix.
https://www.zerodayinitiative.com/advisories/ZDI-21-157/ - says it is a
low impact issue.
signature.asc
Description: This is a digitally signed message part
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- squid package vulnerable to CVE-2021-28116,
Léo Le Bouter <=