Lucene search

[email protected]CVE-2011-4096

HistoryNov 17, 2011 - 7:55 p.m.

CVE-2011-4096

2011-11-1719:55:01

CWE-399

[email protected]

web.nvd.nist.gov

118

squid

cve-2011-4096

idnsgrokreply

memory issue

denial of service

dns

daemon

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

8.1 High

AI Score

Confidence

High

0.935 High

EPSS

Percentile

99.1%

JSON

The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.

Affected configurations

NVD

Node

squid-cachesquidRange≤3.1.15

squid-cachesquidMatch3.0

squid-cachesquidMatch3.0pre1

squid-cachesquidMatch3.0pre2

squid-cachesquidMatch3.0pre3

squid-cachesquidMatch3.0pre4

squid-cachesquidMatch3.0pre5

squid-cachesquidMatch3.0pre6

squid-cachesquidMatch3.0pre7

squid-cachesquidMatch3.0stable1

squid-cachesquidMatch3.0stable10

squid-cachesquidMatch3.0stable11

squid-cachesquidMatch3.0stable12

squid-cachesquidMatch3.0stable13

squid-cachesquidMatch3.0stable14

squid-cachesquidMatch3.0stable15

squid-cachesquidMatch3.0stable2

squid-cachesquidMatch3.0stable3

squid-cachesquidMatch3.0stable4

squid-cachesquidMatch3.0stable5

squid-cachesquidMatch3.0stable6

squid-cachesquidMatch3.0stable7

squid-cachesquidMatch3.0stable8

squid-cachesquidMatch3.0stable9

squid-cachesquidMatch3.0rc1stable11

squid-cachesquidMatch3.0rc4

squid-cachesquidMatch3.0.stable1

squid-cachesquidMatch3.0.stable2

squid-cachesquidMatch3.0.stable3

squid-cachesquidMatch3.0.stable4

squid-cachesquidMatch3.0.stable5

squid-cachesquidMatch3.0.stable6

squid-cachesquidMatch3.0.stable7

squid-cachesquidMatch3.0.stable8

squid-cachesquidMatch3.0.stable9

squid-cachesquidMatch3.0.stable10

squid-cachesquidMatch3.0.stable11

squid-cachesquidMatch3.0.stable11rc1

squid-cachesquidMatch3.0.stable12

squid-cachesquidMatch3.0.stable13

squid-cachesquidMatch3.0.stable14

squid-cachesquidMatch3.0.stable15

squid-cachesquidMatch3.0.stable16

squid-cachesquidMatch3.0.stable16rc1

squid-cachesquidMatch3.0.stable17

squid-cachesquidMatch3.0.stable18

squid-cachesquidMatch3.0.stable19

squid-cachesquidMatch3.0.stable20

squid-cachesquidMatch3.0.stable21

squid-cachesquidMatch3.0.stable22

squid-cachesquidMatch3.0.stable23

squid-cachesquidMatch3.0.stable24

squid-cachesquidMatch3.0.stable25

squid-cachesquidMatch3.1

squid-cachesquidMatch3.1.0.1

squid-cachesquidMatch3.1.0.2

squid-cachesquidMatch3.1.0.3

squid-cachesquidMatch3.1.0.4

squid-cachesquidMatch3.1.0.5

squid-cachesquidMatch3.1.0.6

squid-cachesquidMatch3.1.0.7

squid-cachesquidMatch3.1.0.8

squid-cachesquidMatch3.1.0.9

squid-cachesquidMatch3.1.0.10

squid-cachesquidMatch3.1.0.11

squid-cachesquidMatch3.1.0.12

squid-cachesquidMatch3.1.0.13

squid-cachesquidMatch3.1.0.14

squid-cachesquidMatch3.1.0.15

squid-cachesquidMatch3.1.0.16

squid-cachesquidMatch3.1.0.17

squid-cachesquidMatch3.1.0.18

squid-cachesquidMatch3.1.1

squid-cachesquidMatch3.1.2

squid-cachesquidMatch3.1.3

squid-cachesquidMatch3.1.4

squid-cachesquidMatch3.1.5

squid-cachesquidMatch3.1.5.1

squid-cachesquidMatch3.1.6

squid-cachesquidMatch3.1.7

squid-cachesquidMatch3.1.8

squid-cachesquidMatch3.1.9

squid-cachesquidMatch3.1.10

squid-cachesquidMatch3.1.11

squid-cachesquidMatch3.1.12

squid-cachesquidMatch3.1.13

squid-cachesquidMatch3.1.14

CPENameOperatorVersion
squid-cache:squidsquid-cache squidle3.1.15
squid-cache:squidsquid-cache squideq3.0
squid-cache:squidsquid-cache squideq3.0.stable1
squid-cache:squidsquid-cache squideq3.0.stable2
squid-cache:squidsquid-cache squideq3.0.stable3
squid-cache:squidsquid-cache squideq3.0.stable4
squid-cache:squidsquid-cache squideq3.0.stable5
squid-cache:squidsquid-cache squideq3.0.stable6
squid-cache:squidsquid-cache squideq3.0.stable7
squid-cache:squidsquid-cache squideq3.0.stable8

CPE	Name	Operator	Version
squid-cache:squid	squid-cache squid	le	3.1.15
squid-cache:squid	squid-cache squid	eq	3.0
squid-cache:squid	squid-cache squid	eq	3.0.stable1
squid-cache:squid	squid-cache squid	eq	3.0.stable2
squid-cache:squid	squid-cache squid	eq	3.0.stable3
squid-cache:squid	squid-cache squid	eq	3.0.stable4
squid-cache:squid	squid-cache squid	eq	3.0.stable5
squid-cache:squid	squid-cache squid	eq	3.0.stable6
squid-cache:squid	squid-cache squid	eq	3.0.stable7
squid-cache:squid	squid-cache squid	eq	3.0.stable8