CVE-2013-4115

high

Description

Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.

References

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html

http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html

http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html

http://lists.opensuse.org/opensuse-updates/2013-09/msg00030.html

http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html

http://lists.opensuse.org/opensuse-updates/2013-09/msg00033.html

http://secunia.com/advisories/54076

http://secunia.com/advisories/54834

http://secunia.com/advisories/54839

http://www.openwall.com/lists/oss-security/2013/07/11/8

http://www.securityfocus.com/bid/61111

http://www.squid-cache.org/Advisories/SQUID-2013_2.txt

http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9200.patch

http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10487.patch

http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11823.patch

http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12587.patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/85564

Details

Source: MITRE

Published: 2013-08-09

Updated: 2018-10-30

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 93294 | SUSE SLES11 Security Update : squid3 (SUSE-SU-2016:2089-1) | Nessus | SuSE Local Security Checks | high |
| 93271 | SUSE SLES11 Security Update : squid3 (SUSE-SU-2016:1996-1) | Nessus | SuSE Local Security Checks | high |
| 78658 | Amazon Linux AMI : squid (ALAS-2014-433) | Nessus | Amazon Linux Local Security Checks | high |
| 78354 | Amazon Linux AMI : squid (ALAS-2014-411) | Nessus | Amazon Linux Local Security Checks | high |
| 77553 | Scientific Linux Security Update : squid on SL5.x, SL6.x i386/x86_64 (20140903) | Nessus | Scientific Linux Local Security Checks | high |
| 77523 | RHEL 5 / 6 : squid (RHSA-2014:1148) | Nessus | Red Hat Local Security Checks | high |
| 77517 | Oracle Linux 5 / 6 : squid (ELSA-2014-1148) | Nessus | Oracle Linux Local Security Checks | high |
| 77509 | CentOS 5 / 6 : squid (CESA-2014:1148) | Nessus | CentOS Local Security Checks | high |
| 75142 | openSUSE Security Update : squid3 (openSUSE-SU-2013:1441-1) | Nessus | SuSE Local Security Checks | high |
| 75140 | openSUSE Security Update : squid (openSUSE-SU-2013:1435-1) | Nessus | SuSE Local Security Checks | high |
| 75139 | openSUSE Security Update : squid (openSUSE-SU-2013:1436-1) | Nessus | SuSE Local Security Checks | high |
| 70182 | GLSA-201309-22 : Squid: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 70021 | SuSE 11.2 / 11.3 Security Update : squid (SAT Patch Numbers 8309 / 8310) | Nessus | SuSE Local Security Checks | high |
| 69204 | Fedora 18 : squid-3.2.13-1.fc18 (2013-13493) | Nessus | Fedora Local Security Checks | high |
| 69201 | Fedora 19 : squid-3.2.13-1.fc19 (2013-13468) | Nessus | Fedora Local Security Checks | high |
| 69067 | Mandriva Linux Security Advisory : squid (MDVSA-2013:199) | Nessus | Mandriva Local Security Checks | high |
| 69041 | Squid 3.x < 3.2.12 / 3.3.x < 3.3.7 idnsALookup HTTP Request DoS | Nessus | Firewalls | high |
| 6931 | Squid 3.x < 3.2.12 / 3.3.x < 3.3.7 idnsALookup HTTP Request DoS | Nessus Network Monitor | Web Servers | medium |