Your submission was sent successfully! Close

CVE-2010-2951

Published: 12 October 2010

dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set.

Priority

Medium

Status

Package Release Status
squid3
Launchpad, Ubuntu, Debian
Upstream Needs triage

Patches:
Debdiff: https://bugs.launchpad.net/ubuntu/+source/squid3/+bug/718127