Description
An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.
Remediation
References
Related Vulnerabilities
WordPress Plugin ForumConverter SQL Injection (1.11)
WordPress Plugin Ivory Search-WordPress Search Unspecified Vulnerability (5.4.3)
WordPress Plugin BigDoor Quick Gamification for WordPress Cross-Site Scripting (1.0.5)
WordPress Plugin Media Tags Cross-Site Scripting (3.2.0.2)
Oracle Application Server Other Vulnerability (CVE-2002-0561)