
CVE-2020-24606

Description

Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() in peer_digest.cc mishandles EOF and livelocks.


Affected Software


CPE Name                  Name                      Version
squid-cache:squid         squid-cache squid         4.13
squid-cache:squid         squid-cache squid         5.0.4
canonical:ubuntu_linux    canonical ubuntu linux    16.04
canonical:ubuntu_linux    canonical ubuntu linux    18.04
canonical:ubuntu_linux    canonical ubuntu linux    20.04
debian:debian_linux       debian debian linux       9.0
debian:debian_linux       debian debian linux       10.0
fedoraproject:fedora      fedoraproject fedora      31
fedoraproject:fedora      fedoraproject fedora      32
fedoraproject:fedora      fedoraproject fedora      33
opensuse:leap             opensuse leap             15.1
opensuse:leap             opensuse leap             15.2
