// For flags

CVE-2020-14058

squid: DoS in TLS handshake

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.

Se detectó un problema en Squid versiones anteriores a 4.12 y versiones 5.x anteriores a 5.0.3. Debido al uso de una función potencialmente peligrosa, Squid y el asistente de comprobación de certificados predeterminado son vulnerables a una Denegación de Servicio al abrir una conexión TLS en un servidor controlado por el atacante por HTTPS. Esto ocurre porque los valores de error no reconocidos son asignados a NULL, pero el código posterior espera que cada valor de error sea asignado a una cadena de error válida

A flaw was found in squid. A denial-of-service attack while processing TLS certificates is possible due to use of a potentially dangerous function in Squid and the default certificate validation helper. The highest threat from this vulnerability is to system availability.

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include buffer overflow, bypass, cross site request forgery, denial of service, heap overflow, information leakage, and out of bounds read vulnerabilities.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-06-13 CVE Reserved
  • 2020-06-30 CVE Published
  • 2024-08-04 CVE Updated
  • 2025-05-04 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-676: Use of Potentially Dangerous Function
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Squid-cache
Search vendor "Squid-cache"
 Squid
Search vendor "Squid-cache" for product "Squid"
 >= 3.1 <= 3.5.28
Search vendor "Squid-cache" for product "Squid" and version " >= 3.1 <= 3.5.28"
-
Affected
Squid-cache
Search vendor "Squid-cache"
 Squid
Search vendor "Squid-cache" for product "Squid"
 >= 4.0 < 4.12
Search vendor "Squid-cache" for product "Squid" and version " >= 4.0 < 4.12"
-
Affected
Squid-cache
Search vendor "Squid-cache"
 Squid
Search vendor "Squid-cache" for product "Squid"
 >= 5.0 < 5.0.3
Search vendor "Squid-cache" for product "Squid" and version " >= 5.0 < 5.0.3"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 31
Search vendor "Fedoraproject" for product "Fedora" and version "31"
-
Affected
Netapp
Search vendor "Netapp"
 Cloud Manager
Search vendor "Netapp" for product "Cloud Manager"
--
Affected