Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Squid 3.x < 3.2.12 / 3.3.x < 3.3.7 idnsALookup HTTP Request DoS

Medium

Synopsis

The remote proxy server is affected by a denial of service vulnerability

Description

Squid version prior to 3.x to 3.2.12 or 3.3.x prior to 3.3.7 are potentially affected by a denial of service vulnerability. A buffer overflow exists in the 'idnsALookup' function in the file 'dns_internal.cc' that could allow specially crafted HTTP requests that could result in a denial of service

Solution

Either upgrade to Squid version 3.2.12 / 3.3.7 or later, or apply the vendor-supplied patch.