Description
An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.
Remediation
References
Related Vulnerabilities
WordPress Plugin CallRail Phone Call Tracking Cross-Site Request Forgery (0.4.9)
WordPress Plugin Carousel slideshow 'swfupload.swf' Cross-Site Scripting (3.10)
Oracle Database Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-5499)
WordPress Plugin MediaElement.js-HTML5 Video & Audio Player Cross-Site Scripting (4.2.8)
WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease Unspecified Vulnerability (3.1.6)