漏洞信息详情
Squid 缓冲区错误漏洞
- CNNVD编号:CNNVD-202103-704 <!--
- 危害等级: 中危-->
- 危害等级: 中危
- CVE编号: CVE-2021-28116
- 漏洞类型: 缓冲区错误
- 发布时间: 2021-03-09
- 威胁类型: 远程
- 更新时间: 2021-10-22
- 厂 商:
- 漏洞来源:
-
漏洞简介
Squid是一套代理服务器和Web缓存服务器软件。该软件提供缓存万维网、过滤流量、代理上网等功能。
Squid through 4.14 and 5.x through 5.0.5 存在安全漏洞,该漏洞源于WCCP协议数据的越界读取。
漏洞公告
目前厂商暂未发布修复措施解决此安全问题,建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法:
http://www.squid-cache.org/Versions/
参考网址
来源:MLIST
链接:http://www.openwall.com/lists/oss-security/2021/10/04/1
来源:GENTOO
链接:https://security.gentoo.org/glsa/202105-14
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/
来源:MISC
链接:http://www.squid-cache.org/Versions/
来源:MISC
链接:https://www.zerodayinitiative.com/advisories/ZDI-21-157/
来源:MISC
链接:https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/[email protected]/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021100402
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/162791/Gentoo-Linux-Security-Advisory-202105-14.html
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/Squid-Cache-out-of-bounds-memory-reading-via-WCCP-Protocol-Data-34802
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3523
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021052636
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2021-28116
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/164421/Ubuntu-Security-Notice-USN-5104-1.html
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3309
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3380
受影响实体
暂无
补丁
暂无
还没有评论,来说两句吧...