{
  "threat_severity" : "Important",
  "public_date" : "2022-06-23T00:00:00Z",
  "bugzilla" : {
    "description" : "squid: DoS when processing gopher server responses",
    "id" : "2100721",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2100721"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-617",
  "details" : [ "In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.", "A vulnerability was found in squid (Web proxy cache server). This issue occurs due to improper buffer management while processing Gopher server responses. This flaw leads to a remote denial of service or a crash when squid receives specially crafted network traffic, whether sent by mistake or by a malicious actor." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2022-07-11T00:00:00Z",
    "advisory" : "RHSA-2022:5542",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "squid-7:3.5.20-17.el7_9.7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-07-07T00:00:00Z",
    "advisory" : "RHSA-2022:5526",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "squid:4-8060020220628135610.ad008a3a"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions",
    "release_date" : "2022-07-07T00:00:00Z",
    "advisory" : "RHSA-2022:5530",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.1",
    "package" : "squid:4-8010020220628152104.c27ad7f8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support",
    "release_date" : "2022-07-07T00:00:00Z",
    "advisory" : "RHSA-2022:5529",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.2",
    "package" : "squid:4-8020020220628150849.4cda2c84"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support",
    "release_date" : "2022-07-07T00:00:00Z",
    "advisory" : "RHSA-2022:5528",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.4",
    "package" : "squid:4-8040020220628150130.522a0ee4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-07-07T00:00:00Z",
    "advisory" : "RHSA-2022:5527",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "squid-7:5.2-1.el9_0.1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "squid",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "squid34",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-46784\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46784\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w" ],
  "name" : "CVE-2021-46784",
  "csaw" : false
}