CVE-2011-3205

2011-09-0600:00:00

ubuntu.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.908 High

EPSS

Percentile

98.8%

JSON

Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher
reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2
before 3.2.0.11 allows remote Gopher servers to cause a denial of service
(memory corruption and daemon restart) or possibly have unspecified other
impact via a long line in a response. NOTE: This issue exists because of a
CVE-2005-0094 regression.

Bugs

<https://bugs.launchpad.net/ubuntu/lucid/+source/squid3/+bug/907690>

Notes

Author	Note
sbeattie	this issue only affects squid3; not squid2, due to read sizes being increased. Referenced patch for v2 is a bugfix patch only.

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchsquid3< 3.0.STABLE19-1ubuntu0.2UNKNOWN
ubuntu10.10noarchsquid3< 3.1.6-1.1ubuntu1.2UNKNOWN
ubuntu11.04noarchsquid3< 3.1.11-1ubuntu0.1UNKNOWN
ubuntu11.10noarchsquid3< 3.1.14-1ubuntu0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	squid3	< 3.0.STABLE19-1ubuntu0.2	UNKNOWN
ubuntu	10.10	noarch	squid3	< 3.1.6-1.1ubuntu1.2	UNKNOWN
ubuntu	11.04	noarch	squid3	< 3.1.11-1ubuntu0.1	UNKNOWN
ubuntu	11.10	noarch	squid3	< 3.1.14-1ubuntu0.1	UNKNOWN