Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-3205

Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.

Published

2011-09-06T15:55:08.383

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	squid-cache	squid	3.0.stable1	Yes
Application	squid-cache	squid	3.0.stable2	Yes
Application	squid-cache	squid	3.0.stable3	Yes
Application	squid-cache	squid	3.0.stable4	Yes
Application	squid-cache	squid	3.0.stable5	Yes
Application	squid-cache	squid	3.0.stable6	Yes
Application	squid-cache	squid	3.0.stable7	Yes
Application	squid-cache	squid	3.0.stable8	Yes
Application	squid-cache	squid	3.0.stable9	Yes
Application	squid-cache	squid	3.0.stable10	Yes
Application	squid-cache	squid	3.0.stable11	Yes
Application	squid-cache	squid	3.0.stable11	Yes
Application	squid-cache	squid	3.0.stable12	Yes
Application	squid-cache	squid	3.0.stable13	Yes
Application	squid-cache	squid	3.0.stable14	Yes
Application	squid-cache	squid	3.0.stable15	Yes
Application	squid-cache	squid	3.0.stable16	Yes
Application	squid-cache	squid	3.0.stable16	Yes
Application	squid-cache	squid	3.0.stable17	Yes
Application	squid-cache	squid	3.0.stable18	Yes
Application	squid-cache	squid	3.0.stable19	Yes
Application	squid-cache	squid	3.0.stable20	Yes
Application	squid-cache	squid	3.0.stable21	Yes
Application	squid-cache	squid	3.0.stable22	Yes
Application	squid-cache	squid	3.0.stable23	Yes
Application	squid-cache	squid	3.0.stable24	Yes
Application	squid-cache	squid	3.0.stable25	Yes
Application	squid-cache	squid	3.1	Yes
Application	squid-cache	squid	3.1.0.1	Yes
Application	squid-cache	squid	3.1.0.2	Yes
Application	squid-cache	squid	3.1.0.3	Yes
Application	squid-cache	squid	3.1.0.4	Yes
Application	squid-cache	squid	3.1.0.5	Yes
Application	squid-cache	squid	3.1.0.6	Yes
Application	squid-cache	squid	3.1.0.7	Yes
Application	squid-cache	squid	3.1.0.8	Yes
Application	squid-cache	squid	3.1.0.9	Yes
Application	squid-cache	squid	3.1.0.10	Yes
Application	squid-cache	squid	3.1.0.11	Yes
Application	squid-cache	squid	3.1.0.12	Yes
Application	squid-cache	squid	3.1.0.13	Yes
Application	squid-cache	squid	3.1.0.14	Yes
Application	squid-cache	squid	3.1.0.15	Yes
Application	squid-cache	squid	3.1.0.16	Yes
Application	squid-cache	squid	3.1.0.17	Yes
Application	squid-cache	squid	3.1.0.18	Yes
Application	squid-cache	squid	3.1.1	Yes
Application	squid-cache	squid	3.1.2	Yes
Application	squid-cache	squid	3.1.3	Yes
Application	squid-cache	squid	3.1.4	Yes
Application	squid-cache	squid	3.1.5	Yes
Application	squid-cache	squid	3.1.5.1	Yes
Application	squid-cache	squid	3.1.6	Yes
Application	squid-cache	squid	3.1.7	Yes
Application	squid-cache	squid	3.1.8	Yes
Application	squid-cache	squid	3.1.9	Yes
Application	squid-cache	squid	3.1.10	Yes
Application	squid-cache	squid	3.1.11	Yes
Application	squid-cache	squid	3.1.12	Yes
Application	squid-cache	squid	3.1.13	Yes
Application	squid-cache	squid	3.1.14	Yes
Application	squid-cache	squid	3.2.0.1	Yes
Application	squid-cache	squid	3.2.0.2	Yes
Application	squid-cache	squid	3.2.0.3	Yes
Application	squid-cache	squid	3.2.0.4	Yes
Application	squid-cache	squid	3.2.0.5	Yes
Application	squid-cache	squid	3.2.0.6	Yes
Application	squid-cache	squid	3.2.0.7	Yes
Application	squid-cache	squid	3.2.0.8	Yes
Application	squid-cache	squid	3.2.0.9	Yes
Application	squid-cache	squid	3.2.0.10	Yes

References

http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html ([email protected])
http://openwall.com/lists/oss-security/2011/08/29/2 ([email protected])
http://openwall.com/lists/oss-security/2011/08/30/4 ([email protected])
http://openwall.com/lists/oss-security/2011/08/30/8 ([email protected])
http://secunia.com/advisories/45805 Vendor Advisory ([email protected])
http://secunia.com/advisories/45906 ([email protected])
http://secunia.com/advisories/45920 ([email protected])
http://secunia.com/advisories/45965 ([email protected])
http://secunia.com/advisories/46029 ([email protected])
http://securitytracker.com/id?1025981 ([email protected])
http://www.debian.org/security/2011/dsa-2304 ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2011:150 ([email protected])
http://www.osvdb.org/74847 ([email protected])
http://www.redhat.com/support/errata/RHSA-2011-1293.html ([email protected])
http://www.securityfocus.com/bid/49356 ([email protected])
http://www.squid-cache.org/Advisories/SQUID-2011_3.txt ([email protected])
http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch Patch ([email protected])
http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch Patch ([email protected])
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch Patch ([email protected])
http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch Patch ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=734583 Patch ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/08/29/2 (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/08/30/4 (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/08/30/8 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/45805 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/45906 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/45920 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/45965 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/46029 (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1025981 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2011/dsa-2304 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2011:150 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/74847 (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2011-1293.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/49356 (af854a3a-2127-422b-91ae-364da2661108)
http://www.squid-cache.org/Advisories/SQUID-2011_3.txt (af854a3a-2127-422b-91ae-364da2661108)
http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch Patch (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=734583 Patch (af854a3a-2127-422b-91ae-364da2661108)