CVE-2013-4115
published 2013-08-09CVE-2013-4115: Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of…
PriorityP351high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
43.26%
98.6th percentile
Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | squid | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
| squid-cache | squid | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →The vulnerable function is `idnsALookup` in `dns_internal.cc` — monitor for crashes or memory corruption in Squid processes triggered by DNS lookup requests with excessively long hostnames. ↗
- →The attack vector is HTTP requests sent to the Squid proxy containing overly long DNS names — inspect HTTP requests proxied through Squid for abnormally long hostnames/URLs that would trigger DNS resolution. ↗
- →Affected versions are Squid 3.2.x through 3.2.11 and 3.3.x through 3.3.6 — inventory and flag any deployments running these version ranges. ↗
- ·The flaw is in Squid's internal DNS lookup module; only versions 3.2.0–3.2.11 and 3.3.0–3.3.6 are affected. Red Hat Enterprise Linux 7 ships a non-affected version. ↗
- ·The official Squid advisory is published at the URL below — consult it for patch/configuration guidance. ↗
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_debian7.5LOW
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
squid: buffer overflow when processing overly long DNS names (SQUID-2013:2)
vendor_redhat·2013-07-10·CVSS 7.5
CVE-2013-4115 [HIGH] squid: buffer overflow when processing overly long DNS names (SQUID-2013:2)
squid: buffer overflow when processing overly long DNS names (SQUID-2013:2)
Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.
A buffer overflow flaw was found in Squid's DNS lookup module. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid.
Package: squid (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2013-4115: squid - Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 thro...
vendor_debian·2013·CVSS 7.5
CVE-2013-4115 [HIGH] CVE-2013-4115: squid - Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 thro...
Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-8f69-q75r-2vcf: Buffer overflow in the idnsALookup function in dns_internal
ghsa_unreviewed·2022-05-14
CVE-2013-4115 [HIGH] CWE-119 GHSA-8f69-q75r-2vcf: Buffer overflow in the idnsALookup function in dns_internal
Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-4115 squid: buffer overflow when processing overly long DNS names (SQUID-2013:2)
bugzilla·2013-07-11·CVSS 7.5
CVE-2013-4115 [HIGH] CVE-2013-4115 squid: buffer overflow when processing overly long DNS names (SQUID-2013:2)
CVE-2013-4115 squid: buffer overflow when processing overly long DNS names (SQUID-2013:2)
A buffer overflow flaw was found in the way internal DNS name lookup module of Squid, a proxy caching server, used to perform DNS lookup for overly long DNS names. A trusted Squid client or client script, able to generate HTTP requests, could use this flaw to terminate the Squid service (denial of service).
External References:
http://www.squid-cache.org/Advisories/SQUID-2013_2.txt
Discussion:
This issue affects the versions of the squid package, as shipped with Fedora release of 17, 18, and 19. Please schedule an update.
---
Created squid tracking bugs for this issue:
Affects: fedora-all [bug 983663]
---
CVE Request:
http://www.openwall.com/lists/oss-security/2013/07/11/2
---
The CVE iden
Bugzilla
CVE-2013-4115 squid: squid: DoS (crash) due to a buffer overflow when processing overly long DNS names [fedora-all]
bugzilla·2013-07-11·CVSS 7.5
CVE-2013-4115 [HIGH] CVE-2013-4115 squid: squid: DoS (crash) due to a buffer overflow when processing overly long DNS names [fedora-all]
CVE-2013-4115 squid: squid: DoS (crash) due to a buffer overflow when processing overly long DNS names [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when a
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.htmlhttp://lists.opensuse.org/opensuse-updates/2013-09/msg00024.htmlhttp://lists.opensuse.org/opensuse-updates/2013-09/msg00025.htmlhttp://lists.opensuse.org/opensuse-updates/2013-09/msg00030.htmlhttp://lists.opensuse.org/opensuse-updates/2013-09/msg00032.htmlhttp://lists.opensuse.org/opensuse-updates/2013-09/msg00033.htmlhttp://secunia.com/advisories/54076http://secunia.com/advisories/54834http://secunia.com/advisories/54839http://www.openwall.com/lists/oss-security/2013/07/11/8http://www.securityfocus.com/bid/61111http://www.squid-cache.org/Advisories/SQUID-2013_2.txthttp://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9200.patchhttp://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10487.patchhttp://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11823.patchhttp://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12587.patchhttps://exchange.xforce.ibmcloud.com/vulnerabilities/85564http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.htmlhttp://lists.opensuse.org/opensuse-updates/2013-09/msg00024.htmlhttp://lists.opensuse.org/opensuse-updates/2013-09/msg00025.htmlhttp://lists.opensuse.org/opensuse-updates/2013-09/msg00030.htmlhttp://lists.opensuse.org/opensuse-updates/2013-09/msg00032.htmlhttp://lists.opensuse.org/opensuse-updates/2013-09/msg00033.htmlhttp://secunia.com/advisories/54076http://secunia.com/advisories/54834http://secunia.com/advisories/54839http://www.openwall.com/lists/oss-security/2013/07/11/8http://www.securityfocus.com/bid/61111http://www.squid-cache.org/Advisories/SQUID-2013_2.txthttp://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9200.patchhttp://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10487.patchhttp://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11823.patchhttp://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12587.patchhttps://exchange.xforce.ibmcloud.com/vulnerabilities/85564
2013-08-09
Published