CVE 2010-0308
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.
Related bugs and status
CVE-2010-0308 (Candidate) is related to these bugs:
Bug #580590: Squid no longer uses $SQUID_MAXFD
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
580590 | Squid no longer uses $SQUID_MAXFD | squid (Ubuntu) | Wishlist | Confirmed |
Bug #907686: CVE-2010-0308: DoS (assertion failure) via a crafted DNS packet that only contains header in lucid series
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
907686 | CVE-2010-0308: DoS (assertion failure) via a crafted DNS packet that only contains header in lucid series | squid3 (Ubuntu) | High | Fix Released | ||
907686 | CVE-2010-0308: DoS (assertion failure) via a crafted DNS packet that only contains header in lucid series | squid3 (Ubuntu Lucid) | Undecided | Fix Released | ||
907686 | CVE-2010-0308: DoS (assertion failure) via a crafted DNS packet that only contains header in lucid series | squid3 (Ubuntu Maverick) | Undecided | Fix Released | ||
907686 | CVE-2010-0308: DoS (assertion failure) via a crafted DNS packet that only contains header in lucid series | squid3 (Ubuntu Oneiric) | Undecided | Fix Released | ||
907686 | CVE-2010-0308: DoS (assertion failure) via a crafted DNS packet that only contains header in lucid series | squid3 (Ubuntu Natty) | Undecided | Fix Released |
Bug #907687: CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
907687 | CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port | squid3 (Ubuntu) | High | Fix Released | ||
907687 | CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port | squid3 (Ubuntu Lucid) | Undecided | Fix Released | ||
907687 | CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port | squid3 (Ubuntu Maverick) | Undecided | Fix Released | ||
907687 | CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port | squid3 (Ubuntu Oneiric) | Undecided | Fix Released | ||
907687 | CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port | squid3 (Ubuntu Natty) | Undecided | Fix Released |
Bug #907690: CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers.
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
907690 | CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers. | squid3 (Ubuntu) | High | Fix Released | ||
907690 | CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers. | squid3 (Ubuntu Lucid) | Undecided | Fix Released | ||
907690 | CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers. | squid3 (Ubuntu Maverick) | Undecided | Fix Released | ||
907690 | CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers. | squid3 (Ubuntu Oneiric) | Undecided | Fix Released | ||
907690 | CVE-2011-3205: DoS (memory corruption and daemon restart) or remote Gopher servers. | squid3 (Ubuntu Natty) | Undecided | Fix Released |
See the
CVE page on Mitre.org
for more details.