CVE-2020-14059

MEDIUM

Squid < 5.0.3 - Denial of Service

Title source: rule

Description

An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list.

References (3)

[Patch, Vendor Advisory] http://www.squid-cache.org/Versions/v5/changesets/squid-5-7a5af8db8e0377c06ed9ffbdcb1334389c7cd8ab.patch

[Vendor Advisory] http://www.squid-cache.org/Advisories/SQUID-2020_5.txt

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20210312-0001/

Scores

CVSS v3 6.5

EPSS 0.0422

EPSS Percentile 88.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-662

Status published

Products (1)

squid-cache/squid 5.0 - 5.0.3

Published Jun 30, 2020

Tracked Since Feb 18, 2026