Description
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to cause a denial of service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() in peer_digest.cc mishandles EOF and livelocks.
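An exposure check built from the two conditions in the description (the version range, and cache_peer used with cache digests), as an added example that is not part of the original entry or of Squid's code. It assumes Squid was built with cache digest support and that a peer is excluded from digest exchange by the `no-digest` option on its cache_peer line; the function names, sample configuration and hostnames are constructed for illustration.

```python
import re

def version_affected(version: str) -> bool:
    """True if the version is before 4.13, or is 5.x before 5.0.4."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    if not nums:
        raise ValueError(f"unparseable version: {version!r}")
    v = tuple(nums + [0] * (3 - len(nums)))  # pad "4.12" to (4, 12, 0)
    if v[0] >= 5:
        return v[0] == 5 and v < (5, 0, 4)
    return v < (4, 13, 0)

def peers_using_digests(conf_text: str) -> list:
    """Hostnames of cache_peer lines that do not carry the no-digest option."""
    exposed = []
    for raw in conf_text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line or comment line
        fields = stripped.split()
        # cache_peer <hostname> <type> <http-port> <icp-port> [options]
        if fields[0] == "cache_peer" and len(fields) >= 2:
            if "no-digest" not in fields[2:]:
                exposed.append(fields[1])
    return exposed

def exposure(version: str, conf_text: str):
    """Return (exposed?, peers) combining both conditions from the description."""
    peers = peers_using_digests(conf_text)
    return version_affected(version) and bool(peers), peers

# Constructed sample squid.conf fragment (hostnames are placeholders).
SAMPLE_CONF = """\
# upstream peers
cache_peer parent1.example.net parent 3128 3130 default
cache_peer sibling1.example.net sibling 3128 3130 no-digest proxy-only
#cache_peer retired.example.net parent 3128 3130
"""

if __name__ == "__main__":
    for ver in ("4.12", "4.13", "5.0.3", "5.0.4"):
        hit, peers = exposure(ver, SAMPLE_CONF)
        print(f"Squid {ver}: exposed={hit} digest peers={peers}")
```

The check cannot see build options, so a positive result on a build without cache digest support is a false positive.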
Remediation
References