Extended Lifecycle Support CVE dashboard by TuxCare

CVE-2020-24606

Updated: 2022-05-25 15:43:17.072221

Description:

Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() in peer_digest.cc mishandles EOF and livelocks.

Severity

| | Severity | Score |
|---|---|---|
| CVSS Version 2.x | HIGH | 7.1 |
| CVSS Version 3.x | HIGH | 7.5 |

Status

| OS name | Project name | Version | Status | Errata | Last updated |
|---|---|---|---|---|---|
| CentOS 6 ELS | squid34 | 3.4.14-15 | Released | CLSA-2021:1632262221 | 2022-05-05 12:36:55.485486 |
| CentOS 6 ELS | squid | 3.1.23 | Released | CLSA-2021:1628782974 | 2022-05-05 12:38:16.141606 |
| CloudLinux 6 ELS | squid34 | 3.4.14-15 | Released | | 2021-11-02 14:03:19.218178 |
| CloudLinux 6 ELS | squid | 3.1.23 | Released | | 2021-11-02 14:03:19.18058 |
| Oracle Linux 6 ELS | squid | 3.1.23 | Released | | 2021-11-02 14:03:19.188393 |
| Oracle Linux 6 ELS | squid34 | 3.4.14-15 | Released | CLSA-2021:1634925634 | 2021-11-02 14:03:19.228064 |
| Ubuntu 16.04 ELS | squid | 3.5.12-1ubuntu7.15 | Not vulnerable | | 2021-11-02 14:03:19.195782 |