CVE-2011-3205: Out-of-bounds Write in Squid

6 documents, 6 sources
Severity: 6.8 MEDIUM (NVD); CNA: 5.0
EPSS: 75.0% (top 1.13%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 6
Latest update: May 17

Description

Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (1 package)

NVD: squid-cache/squid (69 versions)

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-xv7f-73w8-27qj: Buffer overflow in the gopherToHTML function in gopher (2022-05-17)
CVEList: CVE-2011-3205: Buffer overflow in the gopherToHTML function in gopher (2011-09-06)

📋 Vendor Advisories (2)

Red Hat: squid: buffer overflow flaw in Squid's Gopher reply parser (SQUID-2011:3) (2011-08-28)
Debian: CVE-2011-3205: squid - Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply pa... (2011)

💬 Community (1)

Bugzilla: CVE-2011-3205 squid: buffer overflow flaw in Squid's Gopher reply parser (SQUID-2011:3) (2011-08-30)