Описание
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- PatchVendor Advisory
- Third Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Broken Link
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- PatchVendor Advisory
- Third Party Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Одно из
Одно из
Одно из
Одно из
Одно из
EPSS
8.6 High
CVSS3
7.5 High
CVSS3
7.1 High
CVSS2
Дефекты
Связанные уязвимости
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perfor ...
Уязвимость функции peerDigestHandleReply() прокси-сервера Squid, связанная с недостатком механизма проверки вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
8.6 High
CVSS3
7.5 High
CVSS3
7.1 High
CVSS2