QwikSec

Security Database

CVE

CWE

Training

CVE-2020-14058

Published: Jun 30, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.squid-cache.org/Versions/v5/changesets/squid-5-c6d1a4f6a2cbebceebc8a3fcd8f539ceb7b7f723.patch

x_refsource_MISC

http://www.squid-cache.org/Versions/v4/changesets/squid-4-93f5fda134a2a010b84ffedbe833d670e63ba4be.patch

x_refsource_MISC

http://www.squid-cache.org/Advisories/SQUID-2020_6.txt

x_refsource_CONFIRM

FEDORA-2020-cbebc5617e

vendor-advisory

x_refsource_FEDORA

https://security.netapp.com/advisory/ntap-20210312-0001/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.