CVE-2020-14058

Published: 19 Jun 2020
Source: redhat
CVSS3: 7.7
EPSS: Low

Description

An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.

A flaw was found in squid. A denial-of-service attack while processing TLS certificates is possible due to use of a potentially dangerous function in Squid and the default certificate validation helper. The highest threat from this vulnerability is to system availability.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | squid | Not affected | | |
| Red Hat Enterprise Linux 6 | squid | Out of support scope | | |
| Red Hat Enterprise Linux 6 | squid34 | Out of support scope | | |
| Red Hat Enterprise Linux 7 | squid | Will not fix | | |
| Red Hat Enterprise Linux 8 | squid | Fixed | RHSA-2020:4743 | 04.11.2020 |

Additional information

Status: Moderate
Defect: CWE-676

EPSS: 0.00545 (percentile: 67%, Low)

CVSS3: 7.7 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 5 years ago

An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.

CVSS3: 7.5
nvd
almost 5 years ago

An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.

CVSS3: 7.5
debian
almost 5 years ago

An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due ...

rocky
more than 4 years ago

Moderate: squid:4 security, bug fix, and enhancement update

oracle-oval
more than 4 years ago

ELSA-2020-4743: squid:4 security, bug fix, and enhancement update (MODERATE)
