Description

An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.

Remediation

References

CVE-2020-14058

Related Vulnerabilities

Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-21673)

WordPress Plugin AIT Themes-CSV Import/Export Arbitrary File Upload (3.0.3)

WordPress Plugin Multivendor Marketplace Solution for WooCommerce-WC Marketplace Cross-Site Request Forgery (3.7.3)

Lodash CVE-2018-3721 Vulnerability (CVE-2018-3721)

WordPress Resource Management Errors Vulnerability (CVE-2014-5265)

Severity

High

Classification

CVE-2020-14058 CWE-476 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities