Lucene search

K
cve[email protected]CVE-2011-4096
HistoryNov 17, 2011 - 7:55 p.m.

CVE-2011-4096

2011-11-1719:55:00
CWE-399
web.nvd.nist.gov
115
squid
cve-2011-4096
idnsgrokreply
memory issue
denial of service
dns
daemon
nvd

6.2 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.935 High

EPSS

Percentile

99.0%

The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.

6.2 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.935 High

EPSS

Percentile

99.0%

Related for CVE-2011-4096