Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-24606

Опубликовано: 24 авг. 2020
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 7.1
CVSS3: 8.6

Описание

Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.

РелизСтатусПримечание
bionic

DNE

devel

released

4.13-1ubuntu1
esm-infra-legacy/trusty

DNE

esm-infra/focal

not-affected

4.10-1ubuntu1.2
focal

released

4.10-1ubuntu1.2
groovy

released

4.13-1ubuntu1
hirsute

released

4.13-1ubuntu1
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

Показывать по

РелизСтатусПримечание
bionic

released

3.5.27-1ubuntu1.9
devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

3.5.27-1ubuntu1.9
esm-infra/focal

DNE

esm-infra/xenial

not-affected

3.5.12-1ubuntu7.15
focal

DNE

groovy

DNE

hirsute

DNE

precise/esm

ignored

end of life, was needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 91%
0.06342
Низкий

7.1 High

CVSS2

8.6 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2020-24606

CVSS3: 7.5
redhat
почти 5 лет назад

Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.

nvd логотип

CVE-2020-24606

CVSS3: 8.6
nvd
почти 5 лет назад

Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.

debian логотип

CVE-2020-24606

CVSS3: 8.6
debian
почти 5 лет назад

Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perfor ...

fstec логотип

BDU:2021-01722

CVSS3: 7.5
fstec
почти 5 лет назад

Уязвимость функции peerDigestHandleReply() прокси-сервера Squid, связанная с недостатком механизма проверки вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании

suse-cvrf логотип

SUSE-SU-2020:2471-1

suse-cvrf
почти 5 лет назад

Security update for squid

EPSS

Процентиль: 91%
0.06342
Низкий

7.1 High

CVSS2

8.6 High

CVSS3