CVE-2021-28116 log

Source
Severity High
Remote Yes
Type Information disclosure
Description
Squid before version 5.2, in some configurations, allows information disclosure because of an out-of-bounds read in WCCPv2 protocol data. This problem allows a WCCPv2 sender to corrupt Squid's list of known WCCP routers and divert client traffic to attacker-controlled routers.
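| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|-------|---------|----------|-------|----------|--------|--------|
| AVG-1667 | squid | 5.1-1 | 5.2-1 | High | Fixed | |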
References
https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82
https://www.zerodayinitiative.com/advisories/ZDI-21-157/
https://bugs.squid-cache.org/show_bug.cgi?id=5131
https://www.squid-cache.org/Versions/v5/changesets/squid-5-7a73a54cefff6bb83c03de219a73276e42d183d0.patch