
CVE-2013-4115

Published: 09 August 2013

Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.

Priority

Medium

Notes

Author: mdeslaur
Note:
this only affects 3.2+
although upstream has a patch for older versions, 3.1 and older perform URL validation before hitting the affected code, so they aren't vulnerable to the security issue.
saucy has vulnerable version in -proposed

References

Bugs