http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202105-489

Squid是一套代理服务器和Web缓存服务器软件。该软件提供缓存万维网、过滤流量、代理上网等功能。 Squid 存在资源管理错误漏洞。远程攻击者可以欺骗用户，使代理服务器后面的用户单击特制的\"urn：\"链接，从而导致服务器在攻击者的控制下，迫使Squid任意消耗服务器上的大量内存。以下产品及版本存在该漏洞：Squid： 2.0, 2.0.patch1, 2.0.patch2, 2.0.pre1, 2.0.release, 2.0_patch2, 2.1, 2.1.patch1, 2.1.patch2, 2.1.pre1, 2.1.pre3, 2.1.pre4, 2.1.release, 2.1_patch2, 2.2, 2.2.devel3, 2.2.devel4, 2.2.pre1, 2.2.pre2, 2.2.stable1, 2.2.stable2, 2.2.stable3, 2.2.stable4, 2.2.stable5, 2.3, 2.3.devel2, 2.3.devel3, 2.3.stable1, 2.3.stable2, 2.3.stable3, 2.3.stable4, 2.3.stable5, 2.3_.stable4, 2.3_.stable5, 2.3_stable5, 2.4, 2.4.stable1, 2.4.stable2, 2.4.stable3, 2.4.stable4, 2.4.stable5, 2.4.stable6, 2.4.stable7, 2.4_.stable2, 2.4_.stable6, 2.4_.stable7, 2.4_9, 2.4_stable7, 2.4_stable_2, 2.4_stable_3, 2.5, 2.5.6, 2.5.9, 2.5.stable1, 2.5.stable2, 2.5.stable3, 2.5.stable4, 2.5.stable5, 2.5.stable6, 2.5.stable7, 2.5.stable8, 2.5.stable9, 2.5.stable10, 2.5.stable11, 2.5.stable12, 2.5.stable13, 2.5.stable14, 2.5_.stable1, 2.5_.stable3, 2.5_.stable4, 2.5_.s

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2021.1583

来源:www.cybersecurity-help.cz

链接:https://www.cybersecurity-help.cz/vdb/SB2021051025

来源:vigilance.fr

链接:https://vigilance.fr/vulnerability/Squid-cache-overload-via-URN-35295