cbcvebase.
CVE-2020-24606
published 2020-08-24


Priority: P341 (high)
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS: 5.16% (91.4th percentile)
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() in peer_digest.cc mishandles EOF and livelocks.

Affected

18 ranges
Vendor         Product       Version range                 Fixed in
canonical      ubuntu_linux
canonical      ubuntu_linux
canonical      ubuntu_linux
debian         debian_linux
debian         debian_linux
debian         squid         < squid 4.13-1 (bookworm)     squid 4.13-1 (bookworm)
fedoraproject  fedora
fedoraproject  fedora
fedoraproject  fedora
opensuse       leap
opensuse       leap
squid-cache    squid         >= 3.0 < 4.13                 4.13
squid-cache    squid         >= 5.0.1 < 5.0.4              5.0.4
squid          squid         >= 0 < 4.13-1                 4.13-1
squid          squid         >= 0 < 4.13-1                 4.13-1
squid          squid         >= 0 < 4.13-1                 4.13-1
squid          squid         >= 0 < 4.13-1                 4.13-1
squid          squid         >= 0 < 4.10-1ubuntu1.2        4.10-1ubuntu1.2

CVSS provenance

Source         Version  Score  Severity  Vector
nvd            v3.1     7.5    HIGH      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd            v2.0     7.1    HIGH      AV:N/AC:M/Au:N/C:N/I:N/A:C
osv                     8.8    HIGH
vendor_ubuntu           9.9    CRITICAL
vendor_debian           8.6    HIGH
vendor_redhat           8.6    HIGH