CVE-2013-4115Improper Restriction of Operations within the Bounds of a Memory Buffer in Squid

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources
Severity
7.5HIGHNVD
EPSS
75.1%
top 1.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
OpensuseSquid-cache Squid
Timeline
PublishedAug 9
Latest updateMay 14

Description

Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDsquid-cache/squid17 versions+16
NVDopensuse/opensuse11.4, 12.2, 12.3+2

Patches

Patch: www.squid-cache.orgPatch: www.squid-cache.orgPatch: www.squid-cache.org

🔴Vulnerability Details

2
GHSA
GHSA-8f69-q75r-2vcf: Buffer overflow in the idnsALookup function in dns_internal2022-05-14
CVEList
CVE-2013-4115: Buffer overflow in the idnsALookup function in dns_internal2013-08-09

📋Vendor Advisories

2
Red Hat
squid: buffer overflow when processing overly long DNS names (SQUID-2013:2)2013-07-10
Debian
CVE-2013-4115: squid - Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 thro...2013

💬Community

2
Bugzilla
CVE-2013-4115 squid: buffer overflow when processing overly long DNS names (SQUID-2013:2)2013-07-11
Bugzilla
CVE-2013-4115 squid: squid: DoS (crash) due to a buffer overflow when processing overly long DNS names [fedora-all]2013-07-11
CVE-2013-4115 — Squid-cache Squid vulnerability | cvebase