CVE-2020-14058
Description
An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.545
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2020:4743) squid:4 security, bug fix, and enhancement update squid-4.11-3.module+el8.3.0+7851+7808b5f9.x86_64.rpm | Linux |
| (RHSA-2020:4743) squid:4 security, bug fix, and enhancement update squid-debugsource-4.11-3.module+el8.3.0+7851+7808b5f9.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234