CVE-2020-14059

EPSS 3.42%
Published 30.06.2020 19:15:11
Last modified 21.11.2024 05:02:27
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Squid-cache ≫ Squid Version >= 5.0 < 5.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.42%	0.863

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P

CWE-662 Improper Synchronization

The product utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.

https://security.netapp.com/advisory/ntap-20210312-0001/

Third Party Advisory

http://www.squid-cache.org/Advisories/SQUID-2020_5.txt

Vendor Advisory

http://www.squid-cache.org/Versions/v5/changesets/squid-5-7a5af8db8e0377c06ed9ffbdcb1334389c7cd8ab.patch

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-14059

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-14059

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-14059

EUVD