PT-2011-1085 · Squid+2 · Squid+3
Published: 2011-09-06 · Updated: 2023-02-13 · CVE-2011-3205
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Squid versions 3.0 through 3.0.STABLE25
Squid versions 3.1 through 3.1.14
Squid versions 3.2 through 3.2.0.10
Description
A buffer overflow in the gopherToHTML function of the Gopher reply parser can be triggered by a remote Gopher server that sends a long line in a response. Exploitation can lead to denial of service through memory corruption and a daemon restart, and may have other unspecified impacts. The issue is a regression of a previously fixed issue.
Recommendations
For Squid versions 3.0 through 3.0.STABLE25, update to version 3.0.STABLE26 or later.
For Squid versions 3.1 through 3.1.14, update to version 3.1.15 or later.
For Squid versions 3.2 through 3.2.0.10, update to version 3.2.0.11 or later.
Fix
Related Identifiers
Affected Products
Red Hat
Squid
Squid Cache
Suse