CVE-2021-41611

An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services.
Configurations

Configuration 1 (hide)

cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

History

07 Nov 2023, 03:38

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWQ2WKDWTSO47S3F6XJJ6HGG2ULWEAE4/', 'name': 'FEDORA-2021-15d2f70a07', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CWQ2WKDWTSO47S3F6XJJ6HGG2ULWEAE4/ -

31 Mar 2022, 16:26

Type Values Removed Values Added
References (MLIST) http://www.openwall.com/lists/oss-security/2021/12/23/2 - (MLIST) http://www.openwall.com/lists/oss-security/2021/12/23/2 - Mailing List, Third Party Advisory

23 Dec 2021, 22:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2021/12/23/2 -

28 Nov 2021, 23:28

Type Values Removed Values Added
CPE cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWQ2WKDWTSO47S3F6XJJ6HGG2ULWEAE4/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWQ2WKDWTSO47S3F6XJJ6HGG2ULWEAE4/ - Mailing List, Third Party Advisory

17 Nov 2021, 22:19

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWQ2WKDWTSO47S3F6XJJ6HGG2ULWEAE4/ -

10 Nov 2021, 01:19

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWQ2WKDWTSO47S3F6XJJ6HGG2ULWEAE4/', 'name': 'FEDORA-2021-15d2f70a07', 'tags': [], 'refsource': 'FEDORA'}

30 Oct 2021, 02:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWQ2WKDWTSO47S3F6XJJ6HGG2ULWEAE4/ -

21 Oct 2021, 22:44

Type Values Removed Values Added
CPE cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*
References (MISC) http://www.squid-cache.org/Versions/v6/changesets/squid-6-43d6b5c81b88ec2256b430c69a872a1e4f324e4a.patch - (MISC) http://www.squid-cache.org/Versions/v6/changesets/squid-6-43d6b5c81b88ec2256b430c69a872a1e4f324e4a.patch - Vendor Advisory
References (CONFIRM) https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r - (CONFIRM) https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r - Patch, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.5
CWE CWE-295

18 Oct 2021, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-10-18 09:15

Updated : 2023-12-10 14:09


NVD link : CVE-2021-41611

Mitre link : CVE-2021-41611

CVE.ORG link : CVE-2021-41611


JSON object : View

Products Affected

squid-cache

  • squid

fedoraproject

  • fedora
CWE
CWE-295

Improper Certificate Validation