CVE 2011-3205
Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.
Related bugs and status
CVE-2011-3205 (Candidate) is related to these bugs:
Bug #907686: CVE-2010-0308: DoS (assertion failure) via a crafted DNS packet that only contains header in lucid series
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 907686 | CVE-2010-0308: DoS (assertion failure) via a crafted DNS packet that only contains header in lucid series | squid3 (Ubuntu) | High | Fix Released | ||
| 907686 | CVE-2010-0308: DoS (assertion failure) via a crafted DNS packet that only contains header in lucid series | squid3 (Ubuntu Lucid) | Undecided | Fix Released | ||
| 907686 | CVE-2010-0308: DoS (assertion failure) via a crafted DNS packet that only contains header in lucid series | squid3 (Ubuntu Maverick) | Undecided | Fix Released | ||
| 907686 | CVE-2010-0308: DoS (assertion failure) via a crafted DNS packet that only contains header in lucid series | squid3 (Ubuntu Oneiric) | Undecided | Fix Released | ||
| 907686 | CVE-2010-0308: DoS (assertion failure) via a crafted DNS packet that only contains header in lucid series | squid3 (Ubuntu Natty) | Undecided | Fix Released | ||
Bug #907687: CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 907687 | CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port | squid3 (Ubuntu) | High | Fix Released | ||
| 907687 | CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port | squid3 (Ubuntu Lucid) | Undecided | Fix Released | ||
| 907687 | CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port | squid3 (Ubuntu Maverick) | Undecided | Fix Released | ||
| 907687 | CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port | squid3 (Ubuntu Oneiric) | Undecided | Fix Released | ||
| 907687 | CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port | squid3 (Ubuntu Natty) | Undecided | Fix Released | ||
Bug #907690: CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers.
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 907690 | CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers. | squid3 (Ubuntu) | High | Fix Released | ||
| 907690 | CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers. | squid3 (Ubuntu Lucid) | Undecided | Fix Released | ||
| 907690 | CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers. | squid3 (Ubuntu Maverick) | Undecided | Fix Released | ||
| 907690 | CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers. | squid3 (Ubuntu Oneiric) | Undecided | Fix Released | ||
| 907690 | CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers. | squid3 (Ubuntu Natty) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
