CVE-2011-3205
Published 2011-09-06
CVE-2011-3205: Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before…
Priority: P3 · 41 · medium
CVSS 2.0: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
EPSS: 27.45% (97.8th percentile)
Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.
Affected
70 ranges · showing 25 (the version-range and fixed-in columns were not captured in this copy; identical rows collapsed)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | squid | — | — |
| squid-cache | squid | — | — |
Detection & IOCs (extracted from sources)
- The vulnerability is triggered by a Gopher server response containing a line longer than 4096 bytes, causing a buffer overflow in the gopherToHTML function in gopher.cc of Squid's Gopher reply parser.
- An attacker can set up a rogue Gopher server and route traffic through Squid to exploit this; monitor for unusual Gopher protocol traffic (TCP port 70) being proxied through Squid.
- The vulnerable code path is in the gopherToHTML function within gopher.cc; look for Squid daemon restarts (memory corruption crash) as an indicator of exploitation attempts.
- The overflow occurs via the memcpy into gopherState->buf when a long line is split across large packets; the unsafe copy is: memcpy(gopherState->buf + gopherState->len, pos, llen) without adequate bounds checking.
- Only Squid 3.x is vulnerable (3.0 before 3.0.STABLE26, 3.1 before 3.1.15, 3.2 before 3.2.0.11); Squid 2.x has a related parsing bug but does NOT have the buffer overflow due to a smaller read buffer size.
- Red Hat Enterprise Linux 4 and 5 ship Squid 2.x and are NOT affected; only RHEL 6 (Squid 3.x) required patching.
- The vulnerability is a regression of CVE-2005-0094 introduced in Squid 3.x due to an increased packet read buffer size (read_sz) in gopherReadReply.
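As an added example (not Squid's code and not taken from the advisory), the C below models the unchecked append quoted in the list above beside a bounds-checked replacement, and feeds it a long line split across two reads the way the advisory describes. The `gopher_state_t` struct, the function names and the two 3000-byte fragments are constructed for this illustration; the 4096-byte line buffer is the size the advisory text gives. The unchecked path is modelled as arithmetic only (how many bytes would be written past the end) so the program never corrupts memory.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for Squid's per-request Gopher state. The real
 * GopherStateData has many more members; only the line buffer is modelled.
 * 4096 is the line length quoted in the advisory text above. */
#define GOPHER_LINE_BUF 4096

typedef struct {
    char   buf[GOPHER_LINE_BUF];
    size_t len;     /* bytes of the current (partial) line already stored */
    size_t dropped; /* bytes discarded because the line exceeded the buffer */
} gopher_state_t;

/* Unchecked append in the shape the advisory quotes:
 *   memcpy(gopherState->buf + gopherState->len, pos, llen)
 * Modelled as arithmetic only: returns how many bytes would land past the
 * end of buf. It deliberately never touches memory. */
size_t overflow_bytes_unchecked(size_t len, size_t llen) {
    if (len + llen <= GOPHER_LINE_BUF) return 0;
    return len + llen - GOPHER_LINE_BUF;
}

/* Bounds-checked append: refuses the chunk instead of overflowing.
 * Returns true if the chunk was stored. On false the buffer and len are
 * unchanged; dropped is incremented so the caller can log the event. */
bool gopher_append_checked(gopher_state_t *st, const char *pos, size_t llen) {
    /* Written as llen > remaining rather than len + llen > BUF so the
     * comparison itself cannot wrap around. */
    if (llen > GOPHER_LINE_BUF - st->len) {
        st->dropped += llen;
        return false;
    }
    memcpy(st->buf + st->len, pos, llen);
    st->len += llen;
    return true;
}

/* Feed a reply that arrived in several packets, as the advisory describes a
 * long line split across large reads. Returns the number of chunks accepted. */
size_t feed_chunks(gopher_state_t *st, const char *const *chunks,
                   const size_t *sizes, size_t n) {
    size_t accepted = 0;
    for (size_t i = 0; i < n; i++)
        if (gopher_append_checked(st, chunks[i], sizes[i])) accepted++;
    return accepted;
}

/* Constructed demo input: two 3000-byte fragments of one line, no newline.
 * The second fragment would overrun a 4096-byte buffer by 1904 bytes. */
size_t demo_long_line(gopher_state_t *st) {
    static char frag[3000];
    memset(frag, 'A', sizeof frag);
    const char *chunks[2] = { frag, frag };
    size_t sizes[2] = { sizeof frag, sizeof frag };
    memset(st, 0, sizeof *st);
    return feed_chunks(st, chunks, sizes, 2);
}

int main(void) {
    gopher_state_t st;
    size_t accepted = demo_long_line(&st);
    printf("accepted=%zu stored=%zu dropped=%zu unchecked_overrun=%zu\n",
           accepted, st.len, st.dropped, overflow_bytes_unchecked(3000, 3000));
    return 0;
}
```

The checked append keeps the state consistent on rejection, which is what makes the `dropped` counter a usable signal: a defender can surface it in the proxy's log and correlate it with the daemon restarts the advisory lists as an indicator, instead of learning about the condition only from a crash.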
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_debian | — | 5.0 | LOW | — |
| vendor_redhat | — | 5.0 | MEDIUM | — |
GHSA
GHSA-xv7f-73w8-27qj: Buffer overflow in the gopherToHTML function in gopher
ghsa_unreviewed · 2022-05-17 · CVSS 5.0 · MEDIUM
Red Hat
squid: buffer overflow flaw in Squid's Gopher reply parser (SQUID-2011:3)
vendor_redhat · 2011-08-28 · CVSS 5.0 · MEDIUM
Package: squid (Red Hat Enterprise Linux 4) - Not affected
Package: squid (Red Hat Enterprise Linux 5) - Not affected
Debian
CVE-2011-3205: squid - Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply pa...
vendor_debian · 2011 · CVSS 5.0 · MEDIUM
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
References
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html
- http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
- http://openwall.com/lists/oss-security/2011/08/29/2
- http://openwall.com/lists/oss-security/2011/08/30/4
- http://openwall.com/lists/oss-security/2011/08/30/8
- http://secunia.com/advisories/45805
- http://secunia.com/advisories/45906
- http://secunia.com/advisories/45920
- http://secunia.com/advisories/45965
- http://secunia.com/advisories/46029
- http://securitytracker.com/id?1025981
- http://www.debian.org/security/2011/dsa-2304
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:150
- http://www.osvdb.org/74847
- http://www.redhat.com/support/errata/RHSA-2011-1293.html
- http://www.securityfocus.com/bid/49356
- http://www.squid-cache.org/Advisories/SQUID-2011_3.txt
- http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch
- http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch
- http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch
- http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch
- https://bugzilla.redhat.com/show_bug.cgi?id=734583