CVE-2020-24606

Published: Aug 24, 2020

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.1

8.6

HIGH

Description

Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() in peer_digest.cc mishandles EOF and livelocks.

Vendor

n/a

Product

n/a

Versions

affected: n/a

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N

Attack Complexity

Low

Attack Vector

Network

Availability

High

Confidentiality

None

Integrity

None

Privileges Required

None

Scope

Changed

User Interaction

None

References

DSA-4751 (vendor-advisory, x_refsource_DEBIAN)
USN-4477-1 (vendor-advisory, x_refsource_UBUNTU)
FEDORA-2020-73af8655eb (vendor-advisory, x_refsource_FEDORA)
FEDORA-2020-63f3bd656e (vendor-advisory, x_refsource_FEDORA)
openSUSE-SU-2020:1346 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2020:1369 (vendor-advisory, x_refsource_SUSE)
FEDORA-2020-6c58bff862 (vendor-advisory, x_refsource_FEDORA)
USN-4551-1 (vendor-advisory, x_refsource_UBUNTU)
