CVE-2021-28116 09.03.21 23:15 Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.
Upstream did not release a patch yet. CVE entry to be monitored for a fix. https://www.zerodayinitiative.com/advisories/ZDI-21-157/ - says it is a low impact issue.
signature.asc
Description: This is a digitally signed message part
