CVE-2020-14058

CVSS v3.1 7.5 (High)
CVSS v2.0 5 (Medium)
EPSS 0.56 % (78th)
Affected Products 3
Advisories 6

An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.

Weaknesses: CWE-NVD-noinfo
CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2020-06-30 19:15:11 (4 years ago)
Updated Date: 2023-11-07 03:17:05 (10 months ago)

Affected Products


Configuration #1

    Product              CPE23                          From      Up To
    Squid-cache Squid    cpe:2.3:a:squid-cache:squid    >= 3.1    <= 3.5.28
    Squid-cache Squid    cpe:2.3:a:squid-cache:squid    >= 4.0    < 4.12
    Squid-cache Squid    cpe:2.3:a:squid-cache:squid    >= 5.0    < 5.0.3

Configuration #2

    Product                    CPE23                                From    Up To
    Fedoraproject Fedora 31    cpe:2.3:o:fedoraproject:fedora:31

Configuration #3

    Product                 CPE23                                From    Up To
    Netapp Cloud Manager    cpe:2.3:a:netapp:cloud_manager:-