Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-2951
HistoryOct 12, 2010 - 12:00 a.m.

CVE-2010-2951

2010-10-1200:00:00
ubuntu.com
ubuntu.com
14

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.342 Low

EPSS

Percentile

97.1%

dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled,
accesses an invalid socket during an IPv4 TCP DNS query, which allows
remote attackers to cause a denial of service (assertion failure and daemon
exit) via vectors that trigger an IPv4 DNS response with the TC bit set.

Notes

Author Note
jdstrand per upstream, 3.1 only
OSVersionArchitecturePackageVersionFilename
ubuntu10.10noarchsquid3< 3.1.6-1.1ubuntu1.1UNKNOWN

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.342 Low

EPSS

Percentile

97.1%