製品・ソフトウェアに関する情報

JVN脆弱性詳細

Gopher の gopherToHTML 関数におけるバッファオーバーフローの脆弱性

Title	Gopher の gopherToHTML 関数におけるバッファオーバーフローの脆弱性
Summary	Gopher の gopher.cc の gopherToHTML 関数は、Squid 内のパーサーに返信するため、バッファオーバーフローの脆弱性が存在します。本脆弱性は、CVE-2005-0094 のリグレッションに起因した脆弱性です。
Possible impacts	リモートの Gopher サーバにより、レスポンス内の過度に長い行を介して、サービス運用妨害 (メモリの破損およびデーモン再起動) 状態にされる、または詳細不明な影響を受ける可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Aug. 28, 2011, midnight
Registration Date	March 27, 2012, 6:43 p.m.
Last Update	April 18, 2012, 5:28 p.m.

CVSS2.0 : 警告
Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected System

Squid-cache.org

Squid 3.0.STABLE26 未満の 3.0、3.1.15 未満の 3.1、および 3.2.0.11 未満の 3.2

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-3205	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3205
National Vulnerability Database (NVD)
2	CVE-2011-3205	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3205

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-DesignError	https://www.ipa.go.jp/security/vuln/CWE.html#CWEDesignError

ベンダー情報

No	Name	URL
SECURITY BLOG
1	Buffer Overflow vulnerability in Squid	https://blogs.oracle.com/sunsecurity/entry/cve_2011_3205_buffer_overflow
squid-cache
2	SQUID-2011:3	http://www.squid-cache.org/Advisories/SQUID-2011_3.txt

Change Log

No	Changed Details	Date of change
0	[2012年03月27日] 掲載 [2012年04月18日] ベンダ情報：オラクル (Buffer Overflow vulnerability in Squid) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2011-3205

Summary	Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.
Publication Date	Sept. 7, 2011, 12:55 a.m.
Registration Date	Jan. 28, 2021, 4:39 p.m.
Last Update	Nov. 21, 2024, 10:29 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:squid-cache:squid:3.0.stable13:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable9:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable20:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable14:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable3:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable4:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable24:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable16:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1::::::
cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1::::::
cpe:2.3:a:squid-cache:squid:3.0.stable18:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable1:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable6:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable15:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable5:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable21:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable17:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable11:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable10:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable8:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable12:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable25:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable23:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable22:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable2:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable7:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable19:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:squid-cache:squid:3.1.0.18:::::::*
cpe:2.3:a:squid-cache:squid:3.1.13:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.7:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.14:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.12:::::::*
cpe:2.3:a:squid-cache:squid:3.1.1:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.3:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.1:::::::*
cpe:2.3:a:squid-cache:squid:3.1.14:::::::*
cpe:2.3:a:squid-cache:squid:3.1.8:::::::*
cpe:2.3:a:squid-cache:squid:3.1.6:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.9:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.15:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.13:::::::*
cpe:2.3:a:squid-cache:squid:3.1.12:::::::*
cpe:2.3:a:squid-cache:squid:3.1.10:::::::*
cpe:2.3:a:squid-cache:squid:3.1.3:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.2:::::::*
cpe:2.3:a:squid-cache:squid:3.1.5:::::::*
cpe:2.3:a:squid-cache:squid:3.1.7:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.6:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.4:::::::*
cpe:2.3:a:squid-cache:squid:3.1:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.16:::::::*
cpe:2.3:a:squid-cache:squid:3.1.4:::::::*
cpe:2.3:a:squid-cache:squid:3.1.11:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.8:::::::*
cpe:2.3:a:squid-cache:squid:3.1.2:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.5:::::::*
cpe:2.3:a:squid-cache:squid:3.1.5.1:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.10:::::::*
cpe:2.3:a:squid-cache:squid:3.1.9:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.11:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.17:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:squid-cache:squid:3.2.0.9:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.1:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.6:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.10:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.7:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.3:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.4:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.2:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.8:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.5:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html
2	http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html
3	http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html
4	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
5	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
6	http://openwall.com/lists/oss-security/2011/08/29/2
7	http://openwall.com/lists/oss-security/2011/08/30/4
8	http://openwall.com/lists/oss-security/2011/08/30/8
9	http://secunia.com/advisories/45805	Vendor Advisory
10	http://secunia.com/advisories/45906
11	http://secunia.com/advisories/45920
12	http://secunia.com/advisories/45965
13	http://secunia.com/advisories/46029
14	http://securitytracker.com/id?1025981
15	http://www.debian.org/security/2011/dsa-2304
16	http://www.mandriva.com/security/advisories?name=MDVSA-2011:150
17	http://www.osvdb.org/74847
18	http://www.redhat.com/support/errata/RHSA-2011-1293.html
19	http://www.securityfocus.com/bid/49356
20	http://www.squid-cache.org/Advisories/SQUID-2011_3.txt
21	http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch	Patch
22	http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch	Patch
23	http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch	Patch
24	http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch	Patch
25	https://bugzilla.redhat.com/show_bug.cgi?id=734583	Patch
26	http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html
27	https://bugzilla.redhat.com/show_bug.cgi?id=734583	Patch
28	http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch	Patch
29	http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch	Patch
30	http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch	Patch
31	http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch	Patch
32	http://www.squid-cache.org/Advisories/SQUID-2011_3.txt
33	http://www.securityfocus.com/bid/49356
34	http://www.redhat.com/support/errata/RHSA-2011-1293.html
35	http://www.osvdb.org/74847
36	http://www.mandriva.com/security/advisories?name=MDVSA-2011:150
37	http://www.debian.org/security/2011/dsa-2304
38	http://securitytracker.com/id?1025981
39	http://secunia.com/advisories/46029
40	http://secunia.com/advisories/45965
41	http://secunia.com/advisories/45920
42	http://secunia.com/advisories/45906
43	http://secunia.com/advisories/45805	Vendor Advisory
44	http://openwall.com/lists/oss-security/2011/08/30/8
45	http://openwall.com/lists/oss-security/2011/08/30/4
46	http://openwall.com/lists/oss-security/2011/08/29/2
47	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
48	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
49	http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html
50	http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:squid-cache:squid:3.0.stable13:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable9:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable20:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable14:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable3:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable4:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable24:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable16:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1::::::
cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1::::::
cpe:2.3:a:squid-cache:squid:3.0.stable18:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable1:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable6:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable15:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable5:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable21:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable17:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable11:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable10:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable8:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable12:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable25:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable23:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable22:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable2:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable7:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable19:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:squid-cache:squid:3.1.0.18:::::::*
cpe:2.3:a:squid-cache:squid:3.1.13:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.7:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.14:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.12:::::::*
cpe:2.3:a:squid-cache:squid:3.1.1:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.3:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.1:::::::*
cpe:2.3:a:squid-cache:squid:3.1.14:::::::*
cpe:2.3:a:squid-cache:squid:3.1.8:::::::*
cpe:2.3:a:squid-cache:squid:3.1.6:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.9:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.15:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.13:::::::*
cpe:2.3:a:squid-cache:squid:3.1.12:::::::*
cpe:2.3:a:squid-cache:squid:3.1.10:::::::*
cpe:2.3:a:squid-cache:squid:3.1.3:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.2:::::::*
cpe:2.3:a:squid-cache:squid:3.1.5:::::::*
cpe:2.3:a:squid-cache:squid:3.1.7:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.6:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.4:::::::*
cpe:2.3:a:squid-cache:squid:3.1:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.16:::::::*
cpe:2.3:a:squid-cache:squid:3.1.4:::::::*
cpe:2.3:a:squid-cache:squid:3.1.11:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.8:::::::*
cpe:2.3:a:squid-cache:squid:3.1.2:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.5:::::::*
cpe:2.3:a:squid-cache:squid:3.1.5.1:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.10:::::::*
cpe:2.3:a:squid-cache:squid:3.1.9:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.11:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.17:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:squid-cache:squid:3.2.0.9:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.1:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.6:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.10:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.7:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.3:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.4:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.2:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.8:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.5:::::::*