8.6

CVE-2020-24606

Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Squid-cacheSquid Version >= 3.0 < 4.13
Squid-cacheSquid Version >= 5.0.1 < 5.0.4
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version20.04 SwEditionlts
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
FedoraprojectFedora Version31
FedoraprojectFedora Version32
FedoraprojectFedora Version33
OpensuseLeap Version15.1
OpensuseLeap Version15.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.16% 0.914
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:N/I:N/A:C
cve@mitre.org 8.6 3.9 4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html
Third Party Advisory
Mailing List
https://usn.ubuntu.com/4551-1/
Third Party Advisory
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch
Patch
Vendor Advisory
https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/
https://security.netapp.com/advisory/ntap-20210219-0007/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210226-0006/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210226-0007/
Broken Link
https://usn.ubuntu.com/4477-1/
Third Party Advisory
https://www.debian.org/security/2020/dsa-4751
Third Party Advisory