CVE-2011-3205

2011-09-0615:55:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

135

cve-2011-3205

buffer overflow

gophertohtml

gopher reply parser

squid 3.0

squid 3.1

squid 3.2

denial of service

memory corruption

daemon restart

7.7 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.94 High

EPSS

Percentile

99.1%

JSON

Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.

CPENameOperatorVersion
squid-cache:squidsquid-cache squideq3.0.stable13
squid-cache:squidsquid-cache squideq3.0.stable9
squid-cache:squidsquid-cache squideq3.0.stable20
squid-cache:squidsquid-cache squideq3.0.stable14
squid-cache:squidsquid-cache squideq3.0.stable3
squid-cache:squidsquid-cache squideq3.0.stable4
squid-cache:squidsquid-cache squideq3.0.stable24
squid-cache:squidsquid-cache squideq3.0.stable16
squid-cache:squidsquid-cache squideq3.0.stable11
squid-cache:squidsquid-cache squideq3.0.stable18

CPE	Name	Operator	Version
squid-cache:squid	squid-cache squid	eq	3.0.stable13
squid-cache:squid	squid-cache squid	eq	3.0.stable9
squid-cache:squid	squid-cache squid	eq	3.0.stable20
squid-cache:squid	squid-cache squid	eq	3.0.stable14
squid-cache:squid	squid-cache squid	eq	3.0.stable3
squid-cache:squid	squid-cache squid	eq	3.0.stable4
squid-cache:squid	squid-cache squid	eq	3.0.stable24
squid-cache:squid	squid-cache squid	eq	3.0.stable16
squid-cache:squid	squid-cache squid	eq	3.0.stable11
squid-cache:squid	squid-cache squid	eq	3.0.stable18