6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.908 High
EPSS
Percentile
98.8%
Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher
reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2
before 3.2.0.11 allows remote Gopher servers to cause a denial of service
(memory corruption and daemon restart) or possibly have unspecified other
impact via a long line in a response. NOTE: This issue exists because of a
CVE-2005-0094 regression.
Author | Note |
---|---|
sbeattie | this issue only affects squid3; not squid2, due to read sizes being increased. Referenced patch for v2 is a bugfix patch only. |