CVE-2010-0308

lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
squid-cachesquid
2.0
squid-cachesquid
2.1
squid-cachesquid
2.2
squid-cachesquid
2.3
squid-cachesquid
2.4
squid-cachesquid
2.5
squid-cachesquid
2.6
squid-cachesquid
2.7
squid-cachesquid
3.0
squid-cachesquid
3.0.stable1:stable1
squid-cachesquid
3.0.stable2:stable2
squid-cachesquid
3.0.stable3:stable3
squid-cachesquid
3.0.stable4:stable4
squid-cachesquid
3.0.stable5:stable5
squid-cachesquid
3.0.stable6:stable6
squid-cachesquid
3.0.stable7:stable7
squid-cachesquid
3.0.stable8:stable8
squid-cachesquid
3.0.stable9:stable9
squid-cachesquid
3.0.stable11:stable11
squid-cachesquid
3.0.stable12:stable12
squid-cachesquid
3.0.stable13:stable13
squid-cachesquid
3.0.stable14:stable14
squid-cachesquid
3.0.stable15:stable15
squid-cachesquid
3.0.stable16:stable16
squid-cachesquid
3.0.stable17:stable17
squid-cachesquid
3.0.stable18:stable18
squid-cachesquid
3.0.stable19:stable19
squid-cachesquid
3.0.stable20:stable20
squid-cachesquid
3.0.stable21:stable21
squid-cachesquid
3.0.stable22:stable22
squid-cachesquid
3.1
squid-cachesquid
3.1.0.1
squid-cachesquid
3.1.0.2
squid-cachesquid
3.1.0.3
squid-cachesquid
3.1.0.4
squid-cachesquid
3.1.0.5
squid-cachesquid
3.1.0.6
squid-cachesquid
3.1.0.7
squid-cachesquid
3.1.0.8
squid-cachesquid
3.1.0.9
squid-cachesquid
3.1.0.10
squid-cachesquid
3.1.0.11
squid-cachesquid
3.1.0.12
squid-cachesquid
3.1.0.13
squid-cachesquid
3.1.0.14
squid-cachesquid
3.1.0.15
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
squid
bullseye
4.13-10+deb11u3
fixed
bullseye (security)
4.13-10+deb11u3
fixed
bookworm
5.7-2+deb12u2
fixed
bookworm (security)
5.7-2+deb12u2
fixed
sid
6.12-1
fixed
trixie
6.12-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
squid
oneiric
Fixed 2.7.STABLE7-1ubuntu6
released
natty
Fixed 2.7.STABLE7-1ubuntu6
released
maverick
Fixed 2.7.STABLE7-1ubuntu6
released
lucid
Fixed 2.7.STABLE7-1ubuntu6
released
karmic
Fixed 2.7.STABLE6-2ubuntu2.1
released
jaunty
Fixed 2.7.STABLE3-4.1ubuntu1.1
released
intrepid
Fixed 2.7.STABLE3-1ubuntu2.2
released
hardy
Fixed 2.6.18-1ubuntu3.1
released
dapper
Fixed 2.5.12-4ubuntu2.5
released
squid3
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
Fixed 3.0.STABLE19-1ubuntu0.2
released
karmic
ignored
jaunty
Fixed 3.0.STABLE8-3+lenny4build0.9.04.1
released
intrepid
ignored
hardy
ignored
dapper
dne
Common Weakness Enumeration
References
http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf
http://osvdb.org/62044
http://secunia.com/advisories/38451
http://secunia.com/advisories/38455
http://www.securityfocus.com/bid/37522
http://www.securitytracker.com/id?1023520
http://www.squid-cache.org/Advisories/SQUID-2010_1.txt
http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch
http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-9853.patch
http://www.vupen.com/english/advisories/2010/0260
https://exchange.xforce.ibmcloud.com/vulnerabilities/56001
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11270
http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf
http://osvdb.org/62044
http://secunia.com/advisories/38451
http://secunia.com/advisories/38455
http://www.securityfocus.com/bid/37522
http://www.securitytracker.com/id?1023520
http://www.squid-cache.org/Advisories/SQUID-2010_1.txt
http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch
http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-9853.patch
http://www.vupen.com/english/advisories/2010/0260
https://exchange.xforce.ibmcloud.com/vulnerabilities/56001
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11270