Updated: 2024-11-30 02:27:32.040704
Description:
An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.
Links | NIST | CIRCL | RHEL | Ubuntu |
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | MEDIUM | 5 |
CVSS Version 3.x | HIGH | 7.5 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
CentOS 6 ELS | squid34 | 3.4.14 | 7.5 | HIGH | Released | CLSA-2021:1632262221 | 2022-05-05 12:36:55 | |
CentOS 6 ELS | squid | 3.1.23 | 7.5 | HIGH | Released | CLSA-2021:1629902677 | 2022-05-05 12:00:38 | |
CloudLinux 6 ELS | squid | 3.1.23 | 7.5 | HIGH | Released | | 2022-04-28 15:57:41 | |
CloudLinux 6 ELS | squid34 | 3.4.14 | 7.5 | HIGH | Released | | 2022-04-28 15:57:41 | |
Oracle Linux 6 ELS | squid | 3.1.23 | 7.5 | HIGH | Released | CLSA-2021:1634925600 | 2022-04-28 15:57:41 | |
Oracle Linux 6 ELS | squid34 | 3.4.14 | 7.5 | HIGH | Released | CLSA-2021:1634925634 | 2022-04-28 15:57:41 | |
Ubuntu 16.04 ELS | squid | 3.5.12-1 | 7.5 | HIGH | Not Vulnerable | | 2022-04-28 15:57:41 | |