Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
CVE-2011-3205
CVE information
Published
Last Modified
CVSSv2.0 Severity
Impact Analysis
Description
Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression..
CVSSv2.0 Score
- Severity
- Medium
- Base Score
- 6.8/10
- Exploit Score
- 8.6/10
- Access Vector
- Network
- Access Complexity
- Medium
- Authentication Required
- None
- Impact Score
- 6.4/10
- Confidentiality Impact
- Partial
- Availability Impact
- Partial
- Integrity Impact
- Partial
Products Affected
CPE | Affected | Vulnerable | Excluding | Edit |
---|---|---|---|---|
cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.0.stable24:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.0.stable10:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.0.stable25:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:* |
Yes
|
- | - | |
cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:* |
Yes
|
- | - |
References
- http://openwall.com/lists/oss-security/2011/08/29/2
- https://bugzilla.redhat.com/show_bug.cgi?id=734583
- http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch
- http://www.osvdb.org/74847
- http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch
- http://www.securityfocus.com/bid/49356
- http://www.squid-cache.org/Advisories/SQUID-2011_3.txt
- http://secunia.com/advisories/45805
- http://openwall.com/lists/oss-security/2011/08/30/8
- http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch
- http://securitytracker.com/id?1025981
- http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch
- http://openwall.com/lists/oss-security/2011/08/30/4
- http://secunia.com/advisories/46029
- http://secunia.com/advisories/45920
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html
- http://secunia.com/advisories/45965
- http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html
- http://www.debian.org/security/2011/dsa-2304
- http://secunia.com/advisories/45906
- http://www.redhat.com/support/errata/RHSA-2011-1293.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:150
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html