CVE-2011-3205

critical

Description

Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.

References

https://bugzilla.redhat.com/show_bug.cgi?id=734583

http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch

http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch

http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch

http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch

http://www.squid-cache.org/Advisories/SQUID-2011_3.txt

http://www.securityfocus.com/bid/49356

http://www.redhat.com/support/errata/RHSA-2011-1293.html

http://www.osvdb.org/74847

http://www.mandriva.com/security/advisories?name=MDVSA-2011:150

http://www.debian.org/security/2011/dsa-2304

http://securitytracker.com/id?1025981

http://secunia.com/advisories/46029

http://secunia.com/advisories/45965

http://secunia.com/advisories/45920

http://secunia.com/advisories/45906

http://secunia.com/advisories/45805

http://openwall.com/lists/oss-security/2011/08/30/8

http://openwall.com/lists/oss-security/2011/08/30/4

http://openwall.com/lists/oss-security/2011/08/29/2

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html

http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html

Details

Source: Mitre, NVD

Published: 2011-09-06

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical