Denial of Service Vulnerability in Squid Proxy Server
CVE-2020-14058

7.5HIGH

Key Information:

Vendor

Squid-cache

Status
Squid
Vendor
CVE Published:
30 June 2020

What is CVE-2020-14058?

A vulnerability in Squid Proxy Server prior to version 4.12 and 5.x before 5.0.3 enables an attacker to trigger a Denial of Service when a TLS connection is initiated to a maliciously crafted server. The flaw arises from the mishandling of unrecognized error values within the default certificate validation helper component, leading to a NULL mapping. Subsequent code that expects valid error string mappings results in the application becoming unresponsive.

References

http://www.squid-cache.org/Versions/v5/changesets/squid-5...
x_refsource_MISC
http://www.squid-cache.org/Versions/v4/changesets/squid-4...
x_refsource_MISC
http://www.squid-cache.org/Advisories/SQUID-2020_6.txt
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.