What is CVE-2020-24606?

CVE-2020-24606 is a vulnerability in Squid, a cache proxy server, that allows a trusted peer to perform a Denial of Service attack by consuming all available CPU cycles.

Which versions of Squid are affected by CVE-2020-24606?

Squid versions before 4.13 and 5.x before 5.0.4 are affected by CVE-2020-24606.

How severe is CVE-2020-24606?

CVE-2020-24606 has a severity rating of 8.6 (high).

What is the recommended fix for CVE-2020-24606?

To fix CVE-2020-24606, it is recommended to update Squid to version 4.13 or 5.0.4 or later.

Where can I find more information about CVE-2020-24606?

More information about CVE-2020-24606 can be found on the official Squid website and the OpenSUSE security announcements.

Vulnerability/
CVE-2020-24606

high

8.6

CWE

667

24/8/2020

4/8/2024

CVE-2020-24606

First published: Mon Aug 24 2020(Updated: )

Last updated 24 July 2024

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
debian/squid	<=4.6-1<=4.12-1<=4.6-1+deb10u3	4.13-1 4.6-1+deb10u4
Squid-Cache Squid	>=3.0<4.13
Squid-Cache Squid	>=5.0.1<5.0.4
Canonical Ubuntu Linux	=16.04
Canonical Ubuntu Linux	=18.04
Canonical Ubuntu Linux	=20.04
Debian Debian Linux	=9.0
Debian Debian Linux	=10.0
Fedoraproject Fedora	=31
Fedoraproject Fedora	=32
Fedoraproject Fedora	=33
openSUSE Leap	=15.1
openSUSE Leap	=15.2
IBM Security Guardium	<=10.5
IBM Security Guardium	<=10.6
IBM Security Guardium	<=11.0
IBM Security Guardium	<=11.1
IBM Security Guardium	<=11.2
IBM Security Guardium	<=11.3
debian/squid		4.13-10+deb11u3 5.7-2+deb12u2 6.10-1

Remedy

http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6455281

Frequently Asked Questions

What is CVE-2020-24606?
CVE-2020-24606 is a vulnerability in Squid, a cache proxy server, that allows a trusted peer to perform a Denial of Service attack by consuming all available CPU cycles.
Which versions of Squid are affected by CVE-2020-24606?
Squid versions before 4.13 and 5.x before 5.0.4 are affected by CVE-2020-24606.
How severe is CVE-2020-24606?
CVE-2020-24606 has a severity rating of 8.6 (high).
What is the recommended fix for CVE-2020-24606?
To fix CVE-2020-24606, it is recommended to update Squid to version 4.13 or 5.0.4 or later.
Where can I find more information about CVE-2020-24606?
More information about CVE-2020-24606 can be found on the official Squid website and the OpenSUSE security announcements.

collector/debian-bugs
alias/CVE-2020-24606
collector/nvd-index
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
agent/author
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/remedy
agent/weakness
agent/description
agent/references
collector/ibm-support
source/IBM
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/tags
agent/event
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/usn-cve
source/Ubuntu
package-manager/debian
vendor/squid-cache
canonical/squid-cache squid
version/squid-cache squid/3.0
version/squid-cache squid/5.0.1
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/16.04
version/canonical ubuntu linux/18.04
version/canonical ubuntu linux/20.04
vendor/debian
canonical/debian debian linux
version/debian debian linux/9.0
version/debian debian linux/10.0
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/31
version/fedoraproject fedora/32
version/fedoraproject fedora/33
vendor/opensuse
canonical/opensuse leap
version/opensuse leap/15.1
version/opensuse leap/15.2
vendor/ibm
canonical/ibm security guardium
version/ibm security guardium/10.5
version/ibm security guardium/10.6
version/ibm security guardium/11.0
version/ibm security guardium/11.1
version/ibm security guardium/11.2
version/ibm security guardium/11.3