Vulnerability Description
Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Opensuse | Opensuse | 11.4 |
| Squid-Cache | Squid | 3.2.0.1 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.htmlVendor Advisory
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.htmlVendor Advisory
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00030.htmlVendor Advisory
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.htmlVendor Advisory
- http://lists.opensuse.org/opensuse-updates/2013-09/msg00033.htmlVendor Advisory
- http://secunia.com/advisories/54076Vendor Advisory
- http://secunia.com/advisories/54834Vendor Advisory
- http://secunia.com/advisories/54839Vendor Advisory
- http://www.openwall.com/lists/oss-security/2013/07/11/8
- http://www.securityfocus.com/bid/61111
- http://www.squid-cache.org/Advisories/SQUID-2013_2.txtVendor Advisory
- http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9200.patchPatch
- http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10487.patchPatch
FAQ
What is CVE-2013-4115?
CVE-2013-4115 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server term...
How severe is CVE-2013-4115?
CVE-2013-4115 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4115?
Check the references section above for vendor advisories and patch information. Affected products include: Opensuse Opensuse, Squid-Cache Squid.