CVE-2011-3205

Severity

68%

Complexity

86%

Confidentiality

106%

Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.

Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

Type

squid-cache.org Squid

First reported 13 years ago

2011-09-06 15:55:00

Last updated 8 years ago

2016-11-28 19:07:00

Affected Software

squid-cache.org Squid 3.0.stable1

3.0.stable1

squid-cache.org Squid 3.0.stable2

3.0.stable2

squid-cache.org Squid 3.0.stable3

3.0.stable3

squid-cache.org Squid 3.0.stable4

3.0.stable4

squid-cache.org Squid 3.0.stable5

3.0.stable5

squid-cache.org Squid 3.0.stable6

3.0.stable6

squid-cache.org Squid 3.0.stable7

3.0.stable7

squid-cache.org Squid 3.0.stable8

3.0.stable8

squid-cache.org Squid 3.0.stable9

3.0.stable9

squid-cache.org Squid 3.0.stable10

3.0.stable10

squid-cache.org Squid 3.0.stable11

3.0.stable11

squid-cache.org Squid 3.0.stable11 release candidate 1

3.0.stable11

squid-cache.org Squid 3.0.stable12

3.0.stable12

squid-cache.org Squid 3.0.stable13

3.0.stable13

squid-cache.org Squid 3.0.stable14

3.0.stable14

squid-cache.org Squid 3.0.stable15

3.0.stable15

squid-cache.org Squid 3.0.stable16

3.0.stable16

squid-cache.org Squid 3.0.stable16 release candidate 1

3.0.stable16

squid-cache.org Squid 3.0.stable17

3.0.stable17

squid-cache.org Squid 3.0.stable18

3.0.stable18

squid-cache.org Squid 3.0.stable19

3.0.stable19

squid-cache.org Squid 3.0.stable20

3.0.stable20

squid-cache.org Squid 3.0.stable21

3.0.stable21

squid-cache.org Squid 3.0.stable22

3.0.stable22

squid-cache.org Squid 3.0.stable23

3.0.stable23

squid-cache.org Squid 3.0.stable24

3.0.stable24

squid-cache.org Squid 3.0.stable25

3.0.stable25

squid-cache.org Squid 3.1

3.1

squid-cache.org Squid 3.1.0.1

3.1.0.1

squid-cache.org Squid 3.1.0.2

3.1.0.2

squid-cache.org Squid 3.1.0.3

3.1.0.3

squid-cache.org Squid 3.1.0.4

3.1.0.4

squid-cache.org Squid 3.1.0.5

3.1.0.5

squid-cache.org Squid 3.1.0.6

3.1.0.6

squid-cache.org Squid 3.1.0.7

3.1.0.7

squid-cache.org Squid 3.1.0.8

3.1.0.8

squid-cache.org Squid 3.1.0.9

3.1.0.9

squid-cache.org Squid 3.1.0.10

3.1.0.10

squid-cache.org Squid 3.1.0.11

3.1.0.11

squid-cache.org Squid 3.1.0.12

3.1.0.12

squid-cache.org Squid 3.1.0.13

3.1.0.13

squid-cache.org Squid 3.1.0.14

3.1.0.14

squid-cache.org Squid 3.1.0.15

3.1.0.15

squid-cache.org Squid 3.1.0.16

3.1.0.16

squid-cache.org Squid 3.1.0.17

3.1.0.17

squid-cache.org Squid 3.1.0.18

3.1.0.18

squid-cache.org Squid 3.1.1

3.1.1

squid-cache.org Squid 3.1.2

3.1.2

squid-cache.org Squid 3.1.3

3.1.3

squid-cache.org Squid 3.1.4

3.1.4

squid-cache.org Squid 3.1.5

3.1.5

squid-cache.org Squid 3.1.5.1

3.1.5.1

squid-cache.org Squid 3.1.6

3.1.6

squid-cache.org Squid 3.1.7

3.1.7

squid-cache.org Squid 3.1.8

3.1.8

squid-cache.org Squid 3.1.9

3.1.9

squid-cache.org Squid 3.1.10

3.1.10

squid-cache.org Squid 3.1.11

3.1.11

squid-cache.org Squid 3.1.12

3.1.12

squid-cache.org Squid 3.1.13

3.1.13

squid-cache.org Squid 3.1.14

3.1.14

squid-cache.org Squid 3.2.0.1

3.2.0.1

squid-cache.org Squid 3.2.0.2

3.2.0.2

squid-cache.org Squid 3.2.0.3

3.2.0.3

squid-cache.org Squid 3.2.0.4

3.2.0.4

squid-cache.org Squid 3.2.0.5

3.2.0.5

squid-cache.org Squid 3.2.0.6

3.2.0.6

squid-cache.org Squid 3.2.0.7

3.2.0.7

squid-cache.org Squid 3.2.0.8

3.2.0.8

squid-cache.org Squid 3.2.0.9

3.2.0.9

squid-cache.org Squid 3.2.0.10

3.2.0.10

References

FEDORA-2011-11854

openSUSE-SU-2011:1018

SUSE-SU-2011:1019

SUSE-SU-2016:1996

SUSE-SU-2016:2089

[oss-security] 20110829 CVE-request(?): squid: buffer overflow in Gopher reply parser

[oss-security] 20110830 Re: CVE-request(?): squid: buffer overflow in Gopher reply parser

[oss-security] 20110830 Re: CVE-request(?): squid: buffer overflow in Gopher reply parser

45805

Vendor Advisory

45906

45920

45965

46029

1025981

DSA-2304

MDVSA-2011:150

74847

RHSA-2011:1293

49356

http://www.squid-cache.org/Advisories/SQUID-2011_3.txt

http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch

Patch

http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch

Patch

http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch

Patch

http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch

Patch

https://bugzilla.redhat.com/show_bug.cgi?id=734583

Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.