Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF. CREATE(Triage):(User=admin) [CVE-2020-24606|https://nvd.nist.gov/vuln/detail/CVE-2020-24606]
