Vulnerability CVE-2020-24606: Information
Description
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| squid | sisyphus | 4.13-alt1 | 6.8-alt1 | ALT-PU-2020-3116-1 | 260268 | Fixed |
| squid | p10 | 4.13-alt1 | 6.6-alt1 | ALT-PU-2020-3116-1 | 260268 | Fixed |
| squid | p9 | 4.13-alt1 | 4.13-alt1 | ALT-PU-2020-3140-1 | 260355 | Fixed |
| squid | c10f1 | 4.13-alt1 | 6.6-alt1 | ALT-PU-2020-3116-1 | 260268 | Fixed |
| squid | c9f2 | 4.13-alt1 | 4.15-alt1 | ALT-PU-2020-3142-1 | 260359 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch |
|
| https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg |
|
| DSA-4751 |
|
| USN-4477-1 |
|
| openSUSE-SU-2020:1346 |
|
| openSUSE-SU-2020:1369 |
|
| USN-4551-1 |
|
| [debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update |
|
| https://security.netapp.com/advisory/ntap-20210219-0007/ |
|
| https://security.netapp.com/advisory/ntap-20210226-0006/ |
|
| https://security.netapp.com/advisory/ntap-20210226-0007/ |
|
| FEDORA-2020-73af8655eb | |
| FEDORA-2020-63f3bd656e | |
| FEDORA-2020-6c58bff862 |