Headline
CVE-2021-28662
An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic.
commit 051824924c709bd6162a378f746fb859454c674e (HEAD -> refs/heads/master, refs/remotes/origin/master, refs/remotes/origin/HEAD) Author: Alex Rousskov Date: 2021-03-16 11:45:11 -0400 Merge pull request from GHSA-jjq6-mh2h-g39h diff --git a/src/http/RegisteredHeaders.cc b/src/http/RegisteredHeaders.cc index a4f96db2b…84f177af2 100644 — a/src/http/RegisteredHeaders.cc +++ b/src/http/RegisteredHeaders.cc @@ -37,7 +37,7 @@ HeaderTableRecord::HeaderTableRecord(const char *n, HdrType theId, HdrFieldType const HeaderTableRecord& HeaderLookupTable_t::lookup (const char *buf, const std::size_t len) const { const HeaderTableRecord *r = HttpHeaderHashTable::lookup(buf, len); - if (!r) + if (!r || r->id == Http::HdrType::OTHER) return BadHdr; return *r; }
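Review bot: In HeaderLookupTable_t::lookup, the added `r->id == Http::HdrType::OTHER` test carries no comment saying why a record returned by HttpHeaderHashTable::lookup can have the OTHER id, or why that case must be mapped to BadHdr, so a later cleanup could drop it as redundant. Add a short comment above the `if` stating that a record with id OTHER is not a valid lookup result for callers, and add a regression test that passes the lookup a name matching such a record and expects BadHdr. It is also worth checking whether the filtering belongs in HttpHeaderHashTable::lookup itself, since this change only protects callers that go through this wrapper.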