{"id":"CVE-2021-31807","details":"An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.","modified":"2026-03-13T22:45:38.747352Z","published":"2021-06-08T20:15:09.057Z","related":["ALSA-2021:4292","GHSA-pxwq-f3qr-w2xf","MGASA-2021-0237"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"},{"type":"ADVISORY","url":"https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210716-0007/"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2023/Oct/14"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2023/10/11/3"},{"type":"FIX","url":"http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/squid-cache/squid","events":[{"introduced":"0"},{"last_affected":"0f67e2aac4a27d0c5ffbfa1dcd89d8abbc7175a7"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"33"}]}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-31807.json","unresolved_ranges":[{"events":[{"introduced":"3.0"},{"fixed":"4.15"}]},{"events":[{"introduced":"5.0"},{"fixed":"5.0.6"}]},{"events":[{"introduced":"0"},{"last_affected":"2.5.stable2"}]},{"events":[{"introduced":"0"},{"last_affected":"2.5.stable3"}]},{"events":[{"introduced":"0"},{"last_affected":"2.5.stable4"}]},{"events":[{"introduced":"0"},{"last_affected":"2.5.stable5"}]},{"events":[{"introduced":"0"},{"last_affected":"2.5.stable6"}]},{"events":[{"introduced":"0"},{"last_affected":"2.5.stable7"}]},{"events":[{"introduced":"0"},{"last_affected":"2.5.stable8"}]},{"events":[{"introduced":"0"},{"last_affected":"2.5.stable9"}]},{"events":[{"introduced":"0"},{"last_affected":"2.5.stable10"}]},{"events":[{"introduced":"0"},{"last_affected":"2.5.stable11"}]},{"events":[{"introduced":"0"},{"last_affected":"2.5.stable12"}]},{"events":[{"introduced":"0"},{"last_affected":"2.5.stable13"}]},{"events":[{"introduced":"0"},{"last_affected":"2.5.stable14"}]},{"events":[{"introduced":"0"},{"last_affected":"2.6"}]},{"events":[{"introduced":"0"},{"last_affected":"2.7-NA"}]},{"events":[{"introduced":"0"},{"last_affected":"2.7-stable2"}]},{"events":[{"introduced":"0"},{"last_affected":"2.7-stable3"}]},{"events":[{"introduced":"0"},{"last_affected":"2.7-stable4"}]},{"events":[{"introduced":"0"},{"last_affected":"2.7-stable5"}]},{"events":[{"introduced":"0"},{"last_affected":"2.7-stable6"}]},{"events":[{"introduced":"0"},{"last_affected":"2.7-stable7"}]},{"events":[{"introduced":"0"},{"last_affected":"2.7-stable8"}]},{"events":[{"introduced":"0"},{"last_affected":"2.7-stable9"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}