CVE-2021-28651: 
Squid vulnerability analysis and mitigation

CVE-2021-28651 is a vulnerability discovered in Squid versions before 4.15 and 5.x before 5.0.6. The vulnerability stems from a buffer-management bug that occurs when resolving requests with the urn: scheme, where the parser leaks a small amount of memory. This issue was discovered on May 27, 2021, and affects the Squid proxy caching server (NVD, GitHub Advisory).

The vulnerability is caused by a buffer-management bug in the URN processing functionality. When resolving a request with the urn: scheme, the parser leaks memory due to improper buffer management. The issue has been assigned a CVSS v3.1 base score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating it can be exploited remotely with low attack complexity and requires no privileges or user interaction (NVD).

The vulnerability allows a malicious server in collaboration with a trusted client to consume arbitrarily large amounts of memory on the server running Squid. This can lead to a denial of service condition affecting all services on the machine running Squid. Once initiated, the DoS situation persists until Squid is shutdown (GitHub Advisory).

The vulnerability has been fixed in Squid versions 4.15 and 5.0.6. For systems that cannot immediately update, a workaround is available by disabling URN processing in the proxy. This can be done by adding the following lines to squid.conf: 'acl URN proto URN' and 'http_access deny URN' (GitHub Advisory).