Description
An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.
Remediation
References
Related Vulnerabilities
WordPress 2.0.1 Denial of Service Vulnerability (0.6.2 - 2.0.1)
WordPress Plugin Site Offline Or Coming Soon Or Maintenance Mode Security Bypass (1.5.2)
Magento Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-9588)
axios Uncontrolled Resource Consumption Vulnerability (CVE-2021-3749)