CVE-2011-3205

NameCVE-2011-3205
DescriptionBuffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2304-1
Debian Bugs639755

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
squid (PTS)bullseye (security), bullseye4.13-10+deb11u3fixed
bookworm, bookworm (security)5.7-2+deb12u2fixed
sid, trixie6.12-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
squidsource(unstable)(not affected)
squid3sourcelenny3.0.STABLE8-3+lenny5DSA-2304-1
squid3sourcesqueeze3.1.6-1.2+squeeze1DSA-2304-1
squid3source(unstable)3.1.15-1low639755

Notes

- squid <not-affected> (Only a buffer overflow in Squid 3, see https://bugzilla.redhat.com/show_bug.cgi?id=734583#c4)
http://www.squid-cache.org/Advisories/SQUID-2011_3.txt

Search for package or bug name: Reporting problems