Description
An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.
Remediation
References
Related Vulnerabilities
WordPress Plugin Zotpress 'zotpress.rss.php' SQL Injection (4.4)
MySQL CVE-2021-2160 Vulnerability (CVE-2021-2160)
WordPress Plugin Thumbnail carousel slider Arbitrary File Upload (1.0)
Envoy mishandles dropped and truncated datagrams Issue (CVE-2020-35471)
phpMyFAQ Improper Access Control Vulnerability (CVE-2023-1883)