CVE-2021-28651

Severity: High
Remote: Yes
Type: Denial of service

Due to a buffer management bug, Squid before version 4.15 is vulnerable to a denial of service attack against the server it is operating on. This attack is limited to proxies which attempt to resolve a "urn:" resource identifier. Support for this resolving is enabled by default in all Squid versions.

Group     Package  Affected  Fixed   Severity  Status  Ticket
AVG-1949  squid    4.14-1    4.15-1  High      Fixed

Date         Advisory       Group     Package  Severity  Type
19 May 2021  ASA-202105-10  AVG-1949  squid    High      denial of service

The issue can be mitigated by disabling URN processing in the proxy. To do so, add these lines to squid.conf:

acl URN proto URN
http_access deny URN
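
Squid evaluates http_access rules in order and stops at the first match, so the deny rule above only takes effect if no earlier allow rule matches the request first. The checker below is an added example, not part of the advisory or of Squid; the function name, status strings and sample configurations are constructed here, and it assumes a single squid.conf without include directives.

```python
def urn_mitigation_status(conf_text):
    """Return 'mitigated', 'shadowed' or 'missing' for a squid.conf body."""
    urn_acls = set()     # names of ACLs defined as 'proto URN'
    seen_allow = False   # an earlier allow rule may match urn: requests first
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # simple comment stripping
        if not line:
            continue
        tok = line.split()
        if tok[0] == "acl" and len(tok) >= 4 and tok[2] == "proto":
            # Match the value exactly as the advisory writes it.
            if "URN" in tok[3:]:
                urn_acls.add(tok[1])
        elif tok[0] == "http_access" and len(tok) >= 3:
            action, conds = tok[1], tok[2:]
            # A deny conditioned only on the URN ACL covers every urn: request.
            if action == "deny" and len(conds) == 1 and conds[0] in urn_acls:
                return "shadowed" if seen_allow else "mitigated"
            if action == "allow":
                seen_allow = True
    return "missing"

# Constructed sample configurations (not from any real deployment).
GOOD = """\
acl URN proto URN
http_access deny URN
acl localnet src 10.0.0.0/8
http_access allow localnet
http_access deny all
"""
LATE = """\
acl localnet src 10.0.0.0/8
http_access allow localnet
acl URN proto URN
http_access deny URN
"""
NONE = "http_access allow all\n"

if __name__ == "__main__":
    for name, conf in (("GOOD", GOOD), ("LATE", LATE), ("NONE", NONE)):
        print(name, urn_mitigation_status(conf))
```

A "shadowed" result means the deny rule exists but follows an allow rule, so the rule order needs manual review.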