CVE-2020-14058
squid: DoS in TLS handshake
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.
Se detectó un problema en Squid versiones anteriores a 4.12 y versiones 5.x anteriores a 5.0.3. Debido al uso de una función potencialmente peligrosa, Squid y el asistente de comprobación de certificados predeterminado son vulnerables a una Denegación de Servicio al abrir una conexión TLS en un servidor controlado por el atacante por HTTPS. Esto ocurre porque los valores de error no reconocidos son asignados a NULL, pero el código posterior espera que cada valor de error sea asignado a una cadena de error válida
A flaw was found in squid. A denial-of-service attack while processing TLS certificates is possible due to use of a potentially dangerous function in Squid and the default certificate validation helper. The highest threat from this vulnerability is to system availability.
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include buffer overflow, bypass, cross site request forgery, denial of service, heap overflow, information leakage, and out of bounds read vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-06-13 CVE Reserved
- 2020-06-30 CVE Published
- 2024-08-04 CVE Updated
- 2025-05-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-676: Use of Potentially Dangerous Function
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
https://security.netapp.com/advisory/ntap-20210312-0001 | Third Party Advisory |
|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | >= 3.1 <= 3.5.28 Search vendor "Squid-cache" for product "Squid" and version " >= 3.1 <= 3.5.28" | - |
Affected
| ||||||
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | >= 4.0 < 4.12 Search vendor "Squid-cache" for product "Squid" and version " >= 4.0 < 4.12" | - |
Affected
| ||||||
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | >= 5.0 < 5.0.3 Search vendor "Squid-cache" for product "Squid" and version " >= 5.0 < 5.0.3" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 31 Search vendor "Fedoraproject" for product "Fedora" and version "31" | - |
Affected
| ||||||
Netapp Search vendor "Netapp" | Cloud Manager Search vendor "Netapp" for product "Cloud Manager" | - | - |
Affected
|