Description
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() in peer_digest.cc mishandles EOF and livelocks.
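An exposure check for the two conditions above (affected version, and a `cache_peer` that still uses cache digests), as an added example that is not part of the advisory or the Squid project. It assumes a Squid build with cache digest support and treats any `cache_peer` line without the `no-digest` option as digest-enabled; the function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample squid.conf fragment (hostnames are placeholders).
SAMPLE_CONF = """\
# upstream caches
cache_peer parent1.example.net parent 3128 3130 default
cache_peer sib1.example.net sibling 3128 3130 no-digest proxy-only
#cache_peer old.example.net parent 3128 3130
"""

def parse_version(text):
    """Turn a version string such as '4.12' or '5.0.3' into a tuple of ints."""
    parts = tuple(int(p) for p in re.findall(r"\d+", text))
    if not parts:
        raise ValueError("no version number in %r" % text)
    return parts

def version_affected(version):
    """True for Squid before 4.13 and for 5.x before 5.0.4 (ranges from the advisory)."""
    v = parse_version(version)
    if v[0] >= 5:
        return v[0] == 5 and v < (5, 0, 4)
    return v < (4, 13)

def digest_peers(conf_text):
    """Hostnames of cache_peer entries that do not carry the no-digest option."""
    peers = []
    for raw in conf_text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line or comment
        fields = stripped.split()
        # cache_peer <hostname> <type> <http-port> <icp-port> [options...]
        if fields[0] == "cache_peer" and len(fields) >= 5:
            if "no-digest" not in fields[5:]:
                peers.append(fields[1])
    return peers

def exposed_peers(version, conf_text):
    """Peers whose digest replies reach the affected code path, or [] if patched."""
    return digest_peers(conf_text) if version_affected(version) else []

if __name__ == "__main__":
    for peer in exposed_peers("4.12", SAMPLE_CONF):
        print("digest-enabled peer on affected version:", peer)
```

Feed it the version reported by the installed Squid and the contents of the live configuration file; an empty result means either a fixed release or no digest-enabled peers.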
Remediation
References