CVE-2005-0094: Improper Restriction of Operations within the Bounds of a Memory Buffer in Squid

13 documents, 7 sources

Severity: 6.8 MEDIUM (NVD)
NVD 5.0, OSV 5.0
EPSS: 51.1% (top 2.11%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jan 15
Latest update: May 17

Description

Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (4 packages)

debian: debian/squid < squid 2.5.7-4 (bookworm) (+1)
Debian: squid/squid < 2.5.7-4 (+3)
NVD: squid/squid, 27 versions (+26)
NVD: squid-cache/squid, 69 versions (+68)

Patches

🔴 Vulnerability Details (3)

GHSA (2022-05-17): GHSA-xv7f-73w8-27qj: Buffer overflow in the gopherToHTML function in gopher
GHSA (2022-05-01): GHSA-ph2m-29xw-r5gc: Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2
OSV (2005-01-15): CVE-2005-0094: Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2

📋 Vendor Advisories (5)

Red Hat (2011-08-28): squid: buffer overflow flaw in Squid's Gopher reply parser (SQUID-2011:3)
Debian (2011): CVE-2011-3205: squid - Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply pa...
Ubuntu (2005-01-21): Squid vulnerabilities
Red Hat (2005-01-12): security flaw
Debian (2005): CVE-2005-0094: squid - Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squi...

💬 Community (3)

Bugzilla (2018-08-16): CVE-2005-0094 security flaw
Bugzilla (2011-08-30): CVE-2011-3205 squid: buffer overflow flaw in Squid's Gopher reply parser (SQUID-2011:3)
Bugzilla (2004-10-11): Squid Multiple Vulnerabilities (CVE-2004-0541 CVE-2004-0832 CVE-2004-0918 CVE-2005-0094 CVE-2005-0095 CVE-2005-0096 CVE-2005-0097 CVE-2005-0446 CVE-2005-0626 CVE-2005-0718 CVE-1999-0710 CVE-2005-1345