CVE-2011-3205

Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
http://openwall.com/lists/oss-security/2011/08/29/2
http://openwall.com/lists/oss-security/2011/08/30/4
http://openwall.com/lists/oss-security/2011/08/30/8
http://secunia.com/advisories/45805	Vendor Advisory
http://secunia.com/advisories/45906
http://secunia.com/advisories/45920
http://secunia.com/advisories/45965
http://secunia.com/advisories/46029
http://securitytracker.com/id?1025981
http://www.debian.org/security/2011/dsa-2304
http://www.mandriva.com/security/advisories?name=MDVSA-2011:150
http://www.osvdb.org/74847
http://www.redhat.com/support/errata/RHSA-2011-1293.html
http://www.securityfocus.com/bid/49356
http://www.squid-cache.org/Advisories/SQUID-2011_3.txt
http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch	Patch
http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch	Patch
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch	Patch
http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch	Patch
https://bugzilla.redhat.com/show_bug.cgi?id=734583	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:squid-cache:squid:3.0.stable1:::::::*
	cpe:2.3:a:squid-cache:squid:3.0.stable2:::::::*
	cpe:2.3:a:squid-cache:squid:3.0.stable3:::::::*
	cpe:2.3:a:squid-cache:squid:3.0.stable4:::::::*
	cpe:2.3:a:squid-cache:squid:3.0.stable5:::::::*
	cpe:2.3:a:squid-cache:squid:3.0.stable6:::::::*
	cpe:2.3:a:squid-cache:squid:3.0.stable7:::::::*
	cpe:2.3:a:squid-cache:squid:3.0.stable8:::::::*
	cpe:2.3:a:squid-cache:squid:3.0.stable9:::::::*
	cpe:2.3:a:squid-cache:squid:3.0.stable10:::::::*
	cpe:2.3:a:squid-cache:squid:3.0.stable11:::::::*
	cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1::::::
	cpe:2.3:a:squid-cache:squid:3.0.stable12:::::::*
	cpe:2.3:a:squid-cache:squid:3.0.stable13:::::::*
	cpe:2.3:a:squid-cache:squid:3.0.stable14:::::::*
	cpe:2.3:a:squid-cache:squid:3.0.stable15:::::::*
	cpe:2.3:a:squid-cache:squid:3.0.stable16:::::::*
	cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1::::::
	cpe:2.3:a:squid-cache:squid:3.0.stable17:::::::*
	cpe:2.3:a:squid-cache:squid:3.0.stable18:::::::*
	cpe:2.3:a:squid-cache:squid:3.0.stable19:::::::*
	cpe:2.3:a:squid-cache:squid:3.0.stable20:::::::*
	cpe:2.3:a:squid-cache:squid:3.0.stable21:::::::*
	cpe:2.3:a:squid-cache:squid:3.0.stable22:::::::*
	cpe:2.3:a:squid-cache:squid:3.0.stable23:::::::*
	cpe:2.3:a:squid-cache:squid:3.0.stable24:::::::*
	cpe:2.3:a:squid-cache:squid:3.0.stable25:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:squid-cache:squid:3.1:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.0.1:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.0.2:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.0.3:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.0.4:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.0.5:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.0.6:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.0.7:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.0.8:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.0.9:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.0.10:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.0.11:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.0.12:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.0.13:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.0.14:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.0.15:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.0.16:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.0.17:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.0.18:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.1:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.2:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.3:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.4:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.5:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.5.1:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.6:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.7:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.8:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.9:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.10:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.11:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.12:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.13:::::::*
	cpe:2.3:a:squid-cache:squid:3.1.14:::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:squid-cache:squid:3.2.0.1:::::::*
	cpe:2.3:a:squid-cache:squid:3.2.0.2:::::::*
	cpe:2.3:a:squid-cache:squid:3.2.0.3:::::::*
	cpe:2.3:a:squid-cache:squid:3.2.0.4:::::::*
	cpe:2.3:a:squid-cache:squid:3.2.0.5:::::::*
	cpe:2.3:a:squid-cache:squid:3.2.0.6:::::::*
	cpe:2.3:a:squid-cache:squid:3.2.0.7:::::::*
	cpe:2.3:a:squid-cache:squid:3.2.0.8:::::::*
	cpe:2.3:a:squid-cache:squid:3.2.0.9:::::::*
	cpe:2.3:a:squid-cache:squid:3.2.0.10:::::::*

History

No history.

Information

Published : 2011-09-06 15:55

Updated : 2023-11-07 02:08

NVD link : CVE-2011-3205

Mitre link : CVE-2011-3205

CVE.ORG link : CVE-2011-3205

JSON object : View

Products Affected

squid-cache

squid

CWE

NVD-CWE-Other

6.8 /10