Buffer overflow in Squid-cache Squid

CVE-2013-4115

Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS looku…

Vulnerability class: Buffer Overflow

EPSS: 0.751 (98.9th percentile) — read the EPSS interpretation.

Affected products

Squid-cache Squid — versions 3.2.0.1, 3.2.0.2, 3.2.0.3
Opensuse — versions 11.4, 12.2, 12.3
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

secalert@redhat.com (x_refsource_CONFIRM, Patch)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
54076 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
SUSE-SU-2016:1996 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2013:1441 (vendor-advisory, x_refsource_SUSE, Vendor Advisory)
openSUSE-SU-2013:1444 (vendor-advisory, x_refsource_SUSE, Vendor Advisory)
54834 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
openSUSE-SU-2013:1443 (vendor-advisory, x_refsource_SUSE, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
61111 (vdb-entry, x_refsource_BID)