CVE-2013-4115

squid: buffer overflow when processing overly long DNS names (SQUID-2013:2)

Severity Score: 7.5 (CVSS v2)

Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.

Buffer overflow in the idnsALookup function in dns_internal.cc in Squid v3.2 through v3.2.11 and v3.3 through v3.3.6, which allows remote attackers to cause a denial of service (memory corruption or service termination) via a long name in a "DNS lookup" request.

A buffer overflow flaw was found in Squid's DNS lookup module. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid.

*Credits: N/A

CVSS Scores

Attack Vector  Attack Complexity  Authentication  Confidentiality  Integrity  Availability
Network        Low                None            Partial          Partial    Partial
Adjacent       High               None            None             None       Partial

* Common Vulnerability Scoring System

SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2013-06-12 CVE Reserved
  • 2013-07-25 CVE Published
  • 2023-03-22 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (20)
Affected Vendors, Products, and Versions

Vendor       Product   Version   Other  Status
Opensuse     Opensuse  11.4      -      Affected
Opensuse     Opensuse  12.2      -      Affected
Opensuse     Opensuse  12.3      -      Affected
Squid-cache  Squid     3.2.0.1   -      Safe
Squid-cache  Squid     3.2.0.2   -      Affected
Squid-cache  Squid     3.2.0.3   -      Affected
Squid-cache  Squid     3.2.0.4   -      Affected
Squid-cache  Squid     3.2.0.5   -      Affected
Squid-cache  Squid     3.2.0.6   -      Affected
Squid-cache  Squid     3.2.0.7   -      Affected
Squid-cache  Squid     3.2.0.8   -      Affected
Squid-cache  Squid     3.2.0.9   -      Affected
Squid-cache  Squid     3.2.0.10  -      Safe
Squid-cache  Squid     3.2.0.11  -      Safe
Squid-cache  Squid     3.3.0     -      Affected
Squid-cache  Squid     3.3.0.2   -      Affected
Squid-cache  Squid     3.3.0.3   -      Affected
Squid-cache  Squid     3.3.1     -      Affected
Squid-cache  Squid     3.3.2     -      Affected
Squid-cache  Squid     3.3.3     -      Affected
Squid-cache  Squid     3.3.4     -      Affected
Squid-cache  Squid     3.3.5     -      Affected
Squid-cache  Squid     3.3.6     -      Affected