Ubuntu.comUB:CVE-2020-14059CVE-2020-14059
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
68.4%
An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect
Synchronization, a Denial of Service can occur when processing objects in
an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during
access to the memory page/slot management list.
Notes
| Author | Note |
|---|---|
| mdeslaur | this only affected Squid 5.x |
References
www.squid-cache.org/Advisories/SQUID-2020_5.txt
www.squid-cache.org/Versions/v5/changesets/squid-5-7a5af8db8e0377c06ed9ffbdcb1334389c7cd8ab.patch
github.com/squid-cache/squid/security/advisories/GHSA-w7pw-2m4p-58hr
launchpad.net/bugs/cve/CVE-2020-14059
nvd.nist.gov/vuln/detail/CVE-2020-14059
security-tracker.debian.org/tracker/CVE-2020-14059
www.cve.org/CVERecord?id=CVE-2020-14059
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
68.4%