CVE-2020-24606

Updated: 2023-11-07 19:06:48.602847

Description:

Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() in peer_digest.cc mishandles EOF, which results in a livelock.
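
An added example (not from the original page or the Squid project): a Python check that lists the `cache_peer` lines in a squid.conf that still request Cache Digests, the configuration the description names as the precondition, and returns a copy with digests disabled for those peers. It assumes Squid's `no-digest` cache_peer option, which this page does not mention, and treats only lines starting with `#` as comments; the sample config and host names are constructed.

```python
# Constructed sample squid.conf; host names are placeholders.
SAMPLE_CONF = """\
# upstream hierarchy
cache_peer parent1.example.net parent 3128 3130 default
cache_peer sib1.example.net sibling 3128 3130 no-digest proxy-only
  cache_peer sib2.example.net sibling 3128 0 no-query
#cache_peer old.example.net parent 3128 3130
http_port 3128
"""


def _peer_tokens(line):
    """Return the tokens of an active cache_peer line, else None."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    tokens = stripped.split()
    return tokens if tokens[0] == "cache_peer" and len(tokens) >= 2 else None


def digest_peers(conf_text):
    """List (line number, host) of peers whose digests are still requested."""
    found = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        tokens = _peer_tokens(line)
        # cache_peer <host> <type> <http-port> <icp-port> [options...]
        if tokens and "no-digest" not in tokens[2:]:
            found.append((lineno, tokens[1]))
    return found


def add_no_digest(conf_text):
    """Return the config with no-digest appended to every exposed peer line."""
    exposed = {lineno for lineno, _ in digest_peers(conf_text)}
    out = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        out.append(line.rstrip() + " no-digest" if lineno in exposed else line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for lineno, host in digest_peers(SAMPLE_CONF):
        print(f"line {lineno}: {host} can send Cache Digest replies")
```

A peer listed here matters only if the installed package is an unfixed build; the Status table below, not the upstream version number alone, says whether a vendor package carries the fix.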


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| | Severity | Score |
|---|---|---|
| CVSS Version 2.x | HIGH | 7.1 |
| CVSS Version 3.x | HIGH | 7.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | squid34 | 3.4.14 | 7.5 | HIGH | Released | CLSA-2021:1632262221 | 2022-05-05 12:36:55 |
| CentOS 6 ELS | squid | 3.1.23 | 7.5 | HIGH | Released | CLSA-2021:1628782974 | 2022-05-05 12:38:16 |
| CloudLinux 6 ELS | squid34 | 3.4.14 | 7.5 | HIGH | Released | | 2021-11-02 14:03:19 |
| CloudLinux 6 ELS | squid | 3.1.23 | 7.5 | HIGH | Released | | 2021-11-02 14:03:19 |
| Oracle Linux 6 ELS | squid | 3.1.23 | 7.5 | HIGH | Released | | 2021-11-02 14:03:19 |
| Oracle Linux 6 ELS | squid34 | 3.4.14 | 7.5 | HIGH | Released | CLSA-2021:1634925634 | 2021-11-02 14:03:19 |
| Ubuntu 16.04 ELS | squid | 3.5.12-1 | 7.5 | HIGH | Not Vulnerable | | 2021-11-02 14:03:19 |