CVE-2020-24606 HIGH

Vendor N/A
Product n/a
Published August 24, 2020
Last update August 4, 2024

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N

What the vulnerability does

01 Description

Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() in peer_digest.cc mishandles EOF, resulting in a livelock.

Key dates

02 Disclosure timeline

August 24, 2020 CVE published
August 4, 2024 Record updated