In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
| Link | Tags |
|---|---|
| https://github.com/squid-cache/squid/commit/5e2ea2b13bd98f53e29964ca26bb0d602a8a12b9 | third party advisory patch |
| http://www.squid-cache.org/Versions/v4/changesets/SQUID-2021_7.patch | broken link |
| http://www.squid-cache.org/Versions/v5/changesets/SQUID-2021_7.patch | patch vendor advisory |
| https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w | third party advisory patch mitigation |
| https://security-tracker.debian.org/tracker/CVE-2021-46784 | third party advisory |
| https://security.netapp.com/advisory/ntap-20221223-0007/ | third party advisory |
| http://www.openwall.com/lists/oss-security/2023/10/13/1 | mailing list |
| http://www.openwall.com/lists/oss-security/2023/10/13/10 | mailing list |
| http://www.openwall.com/lists/oss-security/2023/10/21/1 | mailing list |