CVE-2021-31807
Publication date 28 May 2021
Last updated 18 August 2025
Ubuntu priority
Description
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| squid | 25.10 questing |
Fixed 4.13-10ubuntu1
|
| 25.04 plucky |
Fixed 4.13-10ubuntu1
|
|
| 24.04 LTS noble |
Fixed 4.13-10ubuntu1
|
|
| 22.04 LTS jammy |
Fixed 4.13-10ubuntu1
|
|
| 20.04 LTS focal |
Fixed 4.10-1ubuntu1.4
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| squid3 | 25.10 questing | Not in release |
| 25.04 plucky | Not in release | |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 3.5.27-1ubuntu1.11
|
|
| 16.04 LTS xenial |
Vulnerable
|
|
| 14.04 LTS trusty | Not in release |
Notes
Patch details
| Package | Patch details |
|---|---|
| squid |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
6.5 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-4981-1
- Squid vulnerabilities
- 3 June 2021