An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.
The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Squid | Squid-cache | 2.0 | * |
Squid | Squid-cache | 5.0 | * |
Red Hat Enterprise Linux 8 | RedHat | squid:4-8050020210618131503.b4937e53 | * |
Squid | Ubuntu | devel | * |
Squid | Ubuntu | focal | * |
Squid | Ubuntu | groovy | * |
Squid | Ubuntu | hirsute | * |
Squid | Ubuntu | impish | * |
Squid | Ubuntu | jammy | * |
Squid | Ubuntu | trusty | * |
Squid | Ubuntu | upstream | * |
Squid3 | Ubuntu | bionic | * |
Squid3 | Ubuntu | trusty | * |
Squid3 | Ubuntu | xenial | * |
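
An added example, not part of the advisory or of Squid's own code: a Python check that classifies `squid -v` banners against the version bounds given above (2.0 up to but not including 4.15, and 5.0 up to but not including 5.0.6). The host names and banners are constructed sample input, and the verdict reflects the upstream version number only, so distribution builds that backport the fix still need a package changelog check.

```python
import re

# Affected upstream ranges from the advisory: 2.0 <= v < 4.15 and 5.0 <= v < 5.0.6.
AFFECTED_RANGES = [((2, 0, 0), (4, 15, 0)), ((5, 0, 0), (5, 0, 6))]
VERSION_RE = re.compile(r"Squid Cache: Version (\d+(?:\.\d+)*)")


def parse_banner(banner):
    """Return the upstream version from `squid -v` output as a tuple of ints."""
    match = VERSION_RE.search(banner)
    if match is None:
        raise ValueError("no Squid version string in banner")
    parts = tuple(int(p) for p in match.group(1).split("."))
    return parts + (0,) * (3 - len(parts))  # pad "4.15" to (4, 15, 0)


def is_affected(version):
    """True when the upstream version falls inside an affected range."""
    return any(low <= version < high for low, high in AFFECTED_RANGES)


def triage(inventory):
    """Map each host to 'affected', 'not in affected range' or 'unknown'."""
    result = {}
    for host, banner in inventory.items():
        try:
            version = parse_banner(banner)
        except ValueError:
            result[host] = "unknown"  # not Squid, or the banner was stripped
            continue
        result[host] = "affected" if is_affected(version) else "not in affected range"
    return result


# Constructed sample inventory (hypothetical host names and banners).
SAMPLE_INVENTORY = {
    "proxy-a": "Squid Cache: Version 4.13\nService Name: squid",
    "proxy-b": "Squid Cache: Version 4.15\nService Name: squid",
    "proxy-c": "Squid Cache: Version 5.0.5-20210223-r4af19cc24",
    "proxy-d": "Squid Cache: Version 5.0.6",
    "proxy-e": "Squid Cache: Version 3.5.27",
    "proxy-f": "nginx version: nginx/1.18.0",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```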