Your submission was sent successfully! Close

CVE-2020-14058

Published: 30 June 2020

An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
squid
Launchpad, Ubuntu, Debian
bionic Does not exist

eoan Not vulnerable
(code not compiled)
focal Not vulnerable
(code not compiled)
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Does not exist

squid3
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not compiled)
eoan Does not exist

focal Does not exist

precise Not vulnerable
(code not compiled)
trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(code not compiled)