CVE-2020-24606

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-24606
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-24606.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-24606
Downstream
Related
Published
2020-08-24T18:15:10.047Z
Modified
2026-02-02T21:34:52.349607Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cachepeer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peerdigest.cc mishandles EOF.

References

Affected packages

Git / github.com/squid-cache/squid

Affected ranges

Type
GIT
Repo
https://github.com/squid-cache/squid
Events
Fixed
3f5d044d9a4873b3c769d13c43d5d3f9bfe258a3
Introduced
8a511d5e05aa17b47c7566839fd9c524512489d3
Fixed
f4ade365f80fcf9fec62b31f9a4df5e26e42e206

Affected versions

Other
SQUID_5_0_1
SQUID_5_0_2
SQUID_5_0_3

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-24606.json"