Detections
Analytics
CVE-2011-3205
critical
Description
Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.
References
https://bugzilla.redhat.com/show_bug.cgi?id=734583
http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch
http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch
http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch
http://www.squid-cache.org/Advisories/SQUID-2011_3.txt
http://www.securityfocus.com/bid/49356
http://www.redhat.com/support/errata/RHSA-2011-1293.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:150
http://www.debian.org/security/2011/dsa-2304
http://securitytracker.com/id?1025981
http://secunia.com/advisories/46029
http://secunia.com/advisories/45965
http://secunia.com/advisories/45920
http://secunia.com/advisories/45906
http://secunia.com/advisories/45805
http://openwall.com/lists/oss-security/2011/08/30/8
http://openwall.com/lists/oss-security/2011/08/30/4
http://openwall.com/lists/oss-security/2011/08/29/2
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html