Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-2304-1
HistorySep 11, 2011 - 12:00 a.m.

squid3 - buffer overflow

2011-09-1100:00:00
Google
osv.dev
8
JSON

Ben Hawkes discovered that Squid 3, a full featured Web Proxy cache
(HTTP proxy), is vulnerable to a buffer overflow when processing Gopher
server replies. An attacker can exploit this flaw by connecting to a
Gopher server that returns lines longer than 4096 bytes. This may result
in denial of service conditions (daemon crash) or the possibly the
execution of arbitrary code with rights of the squid daemon.

For the oldstable distribution (lenny), this problem has been fixed in
version 3.0.STABLE8-3+lenny5.

For the stable distribution (squeeze), this problem has been fixed in
version 3.1.6-1.2+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in
version 3.1.15-1.

For the unstable distribution (sid), this problem has been fixed in
version 3.1.15-1.

We recommend that you upgrade your squid3 packages.

JSON