logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2013-4115

Description

Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request. #### Bugs * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=716743> #### Notes Author| Note ---|--- [mdeslaur](<https://launchpad.net/~mdeslaur>) | this only affects 3.2+ although upstream has a patch for older versions, 3.1 and older perform URL validation before hitting the affected code, so they aren't vulnerable to the security issue. saucy has vulnerable version in -proposed


Affected Package


OS OS Version Package Name Package Version
ubuntu upstream squid3 3.2.12,3.3.7

Related