Detections
Analytics
CVE-2020-24606
high
Description
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.
References
https://www.debian.org/security/2020/dsa-4751
https://usn.ubuntu.com/4551-1/
https://usn.ubuntu.com/4477-1/
https://security.netapp.com/advisory/ntap-20210226-0006/
https://security.netapp.com/advisory/ntap-20210219-0007/
https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html
https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg