CVE-2020-14058

Опубликовано: 30 июн. 2020

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 5

CVSS3: 7.5

Описание

An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.

Релиз	Статус	Примечание
bionic	DNE
devel	not-affected	code not compiled
eoan	not-affected	code not compiled
esm-infra-legacy/trusty	DNE
esm-infra/focal	not-affected	code not compiled
focal	not-affected	code not compiled
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE
upstream	needs-triage

Показывать по

Релиз	Статус	Примечание
bionic	not-affected	code not compiled
devel	DNE
eoan	DNE
esm-infra-legacy/trusty	DNE
esm-infra/bionic	not-affected	code not compiled
esm-infra/focal	DNE
esm-infra/xenial	not-affected	code not compiled
focal	DNE
precise/esm	not-affected	code not compiled
trusty	ignored	end of standard support

Показывать по

Ссылки на источники

EPSS

Процентиль: 62%

0.00426

Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVE-2020-14058

CVSS3: 7.7

redhat

больше 5 лет назад

CVE-2020-14058

CVSS3: 7.5

nvd

больше 5 лет назад

CVE-2020-14058

CVSS3: 7.5

debian

больше 5 лет назад

An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due ...

RLSA-2020:4743

rocky

около 5 лет назад

Moderate: squid:4 security, bug fix, and enhancement update

ELSA-2020-4743

oracle-oval

около 5 лет назад

ELSA-2020-4743: squid:4 security, bug fix, and enhancement update (MODERATE)

EPSS

Процентиль: 62%

0.00426

Низкий

5 Medium

CVSS2

7.5 High

CVSS3

CVE-2020-14058

Описание

Пакет squid

Пакет squid3

Ссылки на источники

Связанные уязвимости