CVE-2021-41611

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-41611
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41611.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-41611
Downstream
Related
  • GHSA-47m4-g3mv-9q5r
Published
2021-10-18T09:15:08.823Z
Modified
2026-04-11T12:38:08.106099Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services.

Database specific 
{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "35"
                }
            ],
            "cpe": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
            "source": "CPE_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/squid-cache/squid

Affected ranges

Type
GIT
Repo
https://github.com/squid-cache/squid
Events
Introduced
1521895e24671463bf590cabcdbd2acf637ed2c1
Fixed
74f073ecdc41e96dbf68e63550710fed7b8ad2d2
Database specific 
{
    "extracted_events": [
        {
            "introduced": "5.0.6"
        },
        {
            "fixed": "5.2"
        }
    ],
    "cpe": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
    "source": "CPE_FIELD"
}

Affected versions

Other
SQUID_5_0_6
SQUID_5_0_7
SQUID_5_1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41611.json"