Summary: | <net-proxy/squid-4.15: out-of-bounds read in WCCP protocol data may lead to information disclosure (CVE-2021-28116) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | zlogene |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.zerodayinitiative.com/advisories/ZDI-21-157/ | ||
Whiteboard: | C2 [glsa+ cve] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
2021-03-10 02:55:32 UTC
4.15 is in stable now. > This can be leveraged as part of a chain for remote code execution as nobody.
This will get a GLSA, new GLSA request filed.
This issue was resolved and addressed in GLSA 202105-14 at https://security.gentoo.org/glsa/202105-14 by GLSA coordinator Thomas Deutschmann (whissi). |