CVE-2021-46784: 
Squid vulnerability analysis and mitigation

CVE-2021-46784 affects Squid versions 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6. The vulnerability stems from improper buffer management when processing long Gopher server responses, which can lead to a Denial of Service condition (NVD, GitHub Advisory).

The vulnerability is classified with a CVSS v3.1 Base Score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The issue is related to improper buffer management when processing Gopher server responses, specifically involving the handling of buffer operations in the Gopher protocol implementation (NVD, NetApp Advisory).

When successfully exploited, this vulnerability can result in a Denial of Service (DoS) condition, affecting the availability of the Squid proxy service. The impact is primarily focused on service availability, with no direct effect on confidentiality or integrity of the system (GitHub Advisory, NetApp Advisory).

A workaround is available by denying access to gopher:// resources by adding 'acl gopher proto gopher' and 'http_access deny gopher' to the top of squid.conf. For a permanent fix, users should upgrade to Squid version 5.6 or apply the available patches. Patch archives are available for both Squid 4 and Squid 5 versions (GitHub Advisory).