5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.342 Low
EPSS
Percentile
97.1%
dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled,
accesses an invalid socket during an IPv4 TCP DNS query, which allows
remote attackers to cause a denial of service (assertion failure and daemon
exit) via vectors that trigger an IPv4 DNS response with the TC bit set.
Author | Note |
---|---|
jdstrand | per upstream, 3.1 only |