vulnerability
CentOS Linux: CVE-2021-28116: Moderate: squid:4 security and bug fix update (CESA-2022:1939)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | 03/09/2021 | 05/13/2022 | 05/25/2023 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
03/09/2021
Added
05/13/2022
Modified
05/25/2023
Description
Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.
Solution(s)
centos-upgrade-libecapcentos-upgrade-libecap-debuginfocentos-upgrade-libecap-debugsourcecentos-upgrade-libecap-develcentos-upgrade-squidcentos-upgrade-squid-debuginfocentos-upgrade-squid-debugsource
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.