Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2011-4096

Published: Nov 17, 2011 | Modified: Nov 28, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2011-4096
CWEhttps://cwe.mitre.org/data/definitions/399.html

The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.

Affected Software

Name Vendor Start Version End Version
Squid Squid-cache 3.1.0.18 3.1.0.18
Squid Squid-cache 3.0.stable13 3.0.stable13
Squid Squid-cache 3.0 3.0
Squid Squid-cache 3.0.stable9 3.0.stable9
Squid Squid-cache 3.1.13 3.1.13
Squid Squid-cache 3.0 3.0
Squid Squid-cache 3.0.stable20 3.0.stable20
Squid Squid-cache 3.0.stable14 3.0.stable14
Squid Squid-cache 3.0.stable3 3.0.stable3
Squid Squid-cache 3.0 3.0
Squid Squid-cache 3.0 3.0
Squid Squid-cache 3.0 3.0
Squid Squid-cache 3.1.0.7 3.1.0.7
Squid Squid-cache 3.1.0.14 3.1.0.14
Squid Squid-cache 3.0.stable4 3.0.stable4
Squid Squid-cache 3.0 3.0
Squid Squid-cache 3.1.0.12 3.1.0.12
Squid Squid-cache 3.0 3.0
Squid Squid-cache 3.1.1 3.1.1
Squid Squid-cache 3.0.stable24 3.0.stable24
Squid Squid-cache 3.1.0.3 3.1.0.3
Squid Squid-cache 3.1.0.1 3.1.0.1
Squid Squid-cache 3.0.stable16 3.0.stable16
Squid Squid-cache 3.0.stable16 3.0.stable16
Squid Squid-cache 3.0 3.0
Squid Squid-cache 3.0 3.0
Squid Squid-cache 3.1.14 3.1.14
Squid Squid-cache 3.1.8 3.1.8
Squid Squid-cache 3.0 3.0
Squid Squid-cache 3.0.stable11 3.0.stable11
Squid Squid-cache 3.0.stable18 3.0.stable18
Squid Squid-cache 3.0.stable1 3.0.stable1
Squid Squid-cache 3.0 3.0
Squid Squid-cache 3.1.6 3.1.6
Squid Squid-cache 3.1.0.9 3.1.0.9
Squid Squid-cache 3.1.0.15 3.1.0.15
Squid Squid-cache 3.0 3.0
Squid Squid-cache 3.0.stable6 3.0.stable6
Squid Squid-cache 3.0 3.0
Squid Squid-cache 3.1.0.13 3.1.0.13
Squid Squid-cache 3.1.12 3.1.12
Squid Squid-cache 3.0.stable15 3.0.stable15
Squid Squid-cache 3.1.10 3.1.10
Squid Squid-cache 3.1.3 3.1.3
Squid Squid-cache 3.1.0.2 3.1.0.2
Squid Squid-cache 3.0.stable5 3.0.stable5
Squid Squid-cache 3.1.5 3.1.5
Squid Squid-cache 3.1.7 3.1.7
Squid Squid-cache 3.0 3.0
Squid Squid-cache 3.0.stable21 3.0.stable21
Squid Squid-cache 3.1.0.6 3.1.0.6
Squid Squid-cache 3.0 3.0
Squid Squid-cache 3.1.0.4 3.1.0.4
Squid Squid-cache 3.0 3.0
Squid Squid-cache 3.0.stable17 3.0.stable17
Squid Squid-cache 3.0 3.0
Squid Squid-cache 3.1 3.1
Squid Squid-cache 3.1.0.16 3.1.0.16
Squid Squid-cache 3.0.stable11 3.0.stable11
Squid Squid-cache 3.0 3.0
Squid Squid-cache 3.0 3.0
Squid Squid-cache 3.1.4 3.1.4
Squid Squid-cache 3.1.11 3.1.11
Squid Squid-cache 3.0 3.0
Squid Squid-cache 3.1.0.8 3.1.0.8
Squid Squid-cache 3.0 3.0
Squid Squid-cache 3.0.stable10 3.0.stable10
Squid Squid-cache 3.0.stable8 3.0.stable8
Squid Squid-cache 3.1.2 3.1.2
Squid Squid-cache 3.1.0.5 3.1.0.5
Squid Squid-cache 3.1.5.1 3.1.5.1
Squid Squid-cache 3.1.0.10 3.1.0.10
Squid Squid-cache 3.0.stable12 3.0.stable12
Squid Squid-cache 3.0.stable25 3.0.stable25
Squid Squid-cache 3.0 3.0
Squid Squid-cache 3.0 3.0
Squid Squid-cache 3.0 3.0
Squid Squid-cache 3.0.stable23 3.0.stable23
Squid Squid-cache 3.1.9 3.1.9
Squid Squid-cache 3.0.stable22 3.0.stable22
Squid Squid-cache 3.1.0.11 3.1.0.11
Squid Squid-cache 3.0.stable2 3.0.stable2
Squid Squid-cache 3.0.stable7 3.0.stable7
Squid Squid-cache 3.0 3.0
Squid Squid-cache 3.1.0.17 3.1.0.17
Squid Squid-cache 3.0.stable19 3.0.stable19
Squid Squid-cache * 3.1.15

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2023 Aqua Security Software Ltd.   Privacy Policy | Terms of Use