CVE 2010-0308
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.
Related bugs and status
CVE-2010-0308 (Candidate) is related to these bugs:
Bug #580590: Squid no longer uses $SQUID_MAXFD
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 580590 | Squid no longer uses $SQUID_MAXFD | squid (Ubuntu) | Wishlist | Confirmed | ||
Bug #907686: CVE-2010-0308: DoS (assertion failure) via a crafted DNS packet that only contains header in lucid series
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 907686 | CVE-2010-0308: DoS (assertion failure) via a crafted DNS packet that only contains header in lucid series | squid3 (Ubuntu) | High | Fix Released | ||
| 907686 | CVE-2010-0308: DoS (assertion failure) via a crafted DNS packet that only contains header in lucid series | squid3 (Ubuntu Lucid) | Undecided | Fix Released | ||
| 907686 | CVE-2010-0308: DoS (assertion failure) via a crafted DNS packet that only contains header in lucid series | squid3 (Ubuntu Maverick) | Undecided | Fix Released | ||
| 907686 | CVE-2010-0308: DoS (assertion failure) via a crafted DNS packet that only contains header in lucid series | squid3 (Ubuntu Oneiric) | Undecided | Fix Released | ||
| 907686 | CVE-2010-0308: DoS (assertion failure) via a crafted DNS packet that only contains header in lucid series | squid3 (Ubuntu Natty) | Undecided | Fix Released | ||
Bug #907687: CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 907687 | CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port | squid3 (Ubuntu) | High | Fix Released | ||
| 907687 | CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port | squid3 (Ubuntu Lucid) | Undecided | Fix Released | ||
| 907687 | CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port | squid3 (Ubuntu Maverick) | Undecided | Fix Released | ||
| 907687 | CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port | squid3 (Ubuntu Oneiric) | Undecided | Fix Released | ||
| 907687 | CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port | squid3 (Ubuntu Natty) | Undecided | Fix Released | ||
Bug #907690: CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers.
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 907690 | CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers. | squid3 (Ubuntu) | High | Fix Released | ||
| 907690 | CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers. | squid3 (Ubuntu Lucid) | Undecided | Fix Released | ||
| 907690 | CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers. | squid3 (Ubuntu Maverick) | Undecided | Fix Released | ||
| 907690 | CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers. | squid3 (Ubuntu Oneiric) | Undecided | Fix Released | ||
| 907690 | CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers. | squid3 (Ubuntu Natty) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
