PT-2020-5763 · Squid+8 · Squid+9

Lubos Uhliarik

·

Published

2020-08-24

·

Updated

2024-06-15

·

CVE-2020-24606

CVSS v3.1

8.6

High

VectorAC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N
Name of the Vulnerable Software and Affected Versions: Squid versions prior to 4.13 Squid versions 5.x prior to 5.0.4
Description: The issue is related to a lack of input validation in the peerDigestHandleReply() function of the Squid proxy server. This can be exploited by a remote attacker to cause a denial of service. The problem occurs when the cache peer feature is used with cache digests and a trusted peer sends a crafted Cache Digest response message, causing the peerDigestHandleReply() function to mishandle EOF and consume all available CPU cycles.
Recommendations: For Squid versions prior to 4.13, update to version 4.13 or later to resolve the issue. For Squid versions 5.x prior to 5.0.4, update to version 5.0.4 or later to resolve the issue. As a temporary workaround, consider disabling the cache digests feature when using cache peer to minimize the risk of exploitation.

Fix

DoS

RCE

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-667

Related Identifiers

ALSA-2020:4743
ALT-PU-2020-3116
ALT-PU-2020-3140
ALT-PU-2020-3142
BDU:2021-01722
CESA-2020_4082
CESA-2020_4743
CVE-2020-24606
DLA-2394-1
DSA-4751-1
GHSA-VVJ7-XJGQ-G2JG
MGASA-2020-0361
OESA-2021-1092
OPENSUSE-SU-2020:1346-1
OPENSUSE-SU-2020:1369-1
OPENSUSE-SU-2020_1346-1
OPENSUSE-SU-2020_1369-1
OPENSUSE-SU-2024:11403-1
RHSA-2020:4082
RHSA-2020:4743
RHSA-2020_4082
RHSA-2020_4743
RLSA-2020:4743
SUSE-SU-2020:14590-1
SUSE-SU-2020:2442-1
SUSE-SU-2020:2443-1
SUSE-SU-2020:2471-1
SUSE-SU-2020_14590-1
USN-4477-1
USN-4551-1

Affected Products

Alt Linux
Almalinux
Centos
Linuxmint
Red Hat
Rocky Linux
Squid
Squid Cache
Suse
Ubuntu