Due to an incorrect parser validation bug, Squid is vulnerable to a Denial of Service attack against the Cache Manager API. This problem allows a trusted client to trigger memory leaks which over time lead to a Denial of Service against Squid and the machine it is operating on. This attack is limited to clients with Cache Manager API access privilege.
Upstream security advisory: https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447
Created squid tracking bugs for this issue:
Affects: fedora-all [bug 1963363]
Upstream pull request: https://github.com/squid-cache/squid/pull/788
Upstream commits:
https://github.com/squid-cache/squid/commit/26e65059bc06ebce508737b5cd0866478691566a [master]
https://github.com/squid-cache/squid/commit/2db70e04723cedd19a90dba8b863ccbc2e708f8e [v5]
https://github.com/squid-cache/squid/commit/0003e3518dc95e4b5ab46b5140af79b22253048e [v4]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8 via RHSA-2021:4292 https://access.redhat.com/errata/RHSA-2021:4292
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-28652