{"id":"CLSA-2021-1634925634","summary":"Fixed 9 CVEs in squid34","details":"- CVE-2020-15049: fix incorrect validation of Content-Length field leading to\n  HTTP smuggling and poisoning attack\n- CVE-2020-14058: fix handling of unknown SSL errors which resulted in denial of\n  service\n- CVE-2020-25097: fix improper input validation allowing HTTP smuggling from\n  trusted client\n- CVE-2020-11945: fix nonce reference counter overflow allowing replay attack\n- CVE-2020-24606: fix handling of EOF in peerDigestHandleReply() leading to denial\n  of service\n- CVE-2020-8517: fix incorrect input validation allowing writing outside of buffer\n  and leading to denial of service\n- CVE-2020-8449: fix improper HTTP request validation allowing access to\n  resources which are prohibited by security filters\n- CVE-2020-8450: fix incorrect buffer management leading to buffer overflow\n- CVE-2021-28651: fix memory leak leading to denial of service","modified":"2026-06-01T00:31:42.322183207Z","published":"2021-10-22T18:00:34Z","upstream":["CVE-2020-15049","CVE-2020-14058","CVE-2020-25097","CVE-2020-11945","CVE-2020-24606","CVE-2020-8517","CVE-2020-8449","CVE-2020-8450","CVE-2021-28651"],"references":[{"type":"ADVISORY","url":"https://errata.cloudlinux.com/ol6/CLSA-2021-1634925634.html"}],"affected":[{"package":{"name":"squid34","ecosystem":"TuxCare:OracleLinux:6","purl":"pkg:rpm/tuxcare/squid34?distro=oraclelinux-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7:3.4.14-16.el6.cloudlinux.els"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux6els/CLSA-2021-1634925634.json"}}],"schema_version":"1.7.5"}