PT-2020-3004 · Squid+2 · Squid+3

Jack Zar

Published

2020-06-26

Updated

2024-06-15

CVE-2020-14059

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Squid versions 5.x prior to 5.0.3

Description The issue is related to errors in synchronization in the Ipc::Mem::PageStack::pop function of the Squid proxy server. Exploitation of this issue may allow a remote attacker to cause a denial of service. The problem occurs when processing objects in an SMP cache due to an ABA problem during access to the memory page/slot management list.

Recommendations For Squid versions 5.x prior to 5.0.3, update to version 5.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable function Ipc::Mem::PageStack::pop until a patch is available.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-662

Related Identifiers

ALT-PU-2020-3116

ALT-PU-2020-3140

ALT-PU-2020-3142

BDU:2020-03226

CVE-2020-14059

MGASA-2020-0332

OPENSUSE-SU-2020:0910-1

OPENSUSE-SU-2020:0914-1

OPENSUSE-SU-2020_0910-1

OPENSUSE-SU-2020_0914-1

OPENSUSE-SU-2024:11403-1

SUSE-SU-2020:14460-1

SUSE-SU-2020:1769-1

SUSE-SU-2020:1770-1

SUSE-SU-2020:1803-1

SUSE-SU-2020_1769-1

SUSE-SU-2020_1770-1

Affected Products

Alt Linux

Squid

Squid Cache

Suse

PT-2020-3004 · Squid+2 · Squid+3

CVE-2020-14059

Weakness Enumeration

Related Identifiers

Affected Products

References · 91