CVE-2011-3205

Name: CVE-2011-3205
Description: Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DSA-2304-1
NVD severity: medium (attack range: remote)
Debian Bugs: 639755

Vulnerable and fixed packages

The table below lists information on source packages.

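| Source Package | Release | Version | Status |
|---|---|---|---|
| squid (PTS) | buster, sid | 4.2-2 | fixed |
| squid3 (PTS) | jessie (security), jessie | 3.4.8-6+deb8u5 | fixed |
| squid3 (PTS) | stretch (security), stretch | 3.5.23-5+deb9u1 | fixed |
| squid3 (PTS) | sid | 3.5.27-1 | fixed |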

The information below is based on the following data on fixed versions.

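| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| squid | source | (unstable) | (not affected) | | | |
| squid3 | source | (unstable) | 3.1.15-1 | low | | 639755 |
| squid3 | source | lenny | 3.0.STABLE8-3+lenny5 | medium | DSA-2304-1 | |
| squid3 | source | squeeze | 3.1.6-1.2+squeeze1 | medium | DSA-2304-1 | |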

Notes

- squid <not-affected> (Only a buffer overflow in Squid 3, see https://bugzilla.redhat.com/show_bug.cgi?id=734583#c4)
http://www.squid-cache.org/Advisories/SQUID-2011_3.txt
