CVE-2010-2951 — Reachable Assertion in Squid

5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

55.2%

top 1.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Squid-cache Squid

Timeline

PublishedOct 12

Latest updateMay 17

Description

dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDsquid-cache/squid3.1.6

Patches

Patch: bazaar.launchpad.net ↗Patch: marc.info ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-9vw9-fpw4-vvf6: dns_internal↗2022-05-17

▶

CVEList

CVE-2010-2951: dns_internal↗2010-10-12

▶

📋Vendor Advisories

Red Hat

squid: child assertion failure when processing large DNS replies with no IPv6 resolver present↗2010-08-18

▶

💬Community

Bugzilla

CVE-2010-2951 squid: child assertion failure when processing large DNS replies with no IPv6 resolver present↗2010-08-24

▶