Date: Tue, 24 Aug 2010 19:38:19 +0200
From: Jan Lieskovsky <>
To: "Steven M. Christey" <>
CC: oss-security <>,
        Amos Jeffries <>,
        Stephen Thorne <>
Subject: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large
 DNS replies with no IPv6 resolver present

Hi Steve, vendors,

   Stephen Thorne reported a buffer overread flaw in the way the Squid proxy caching server
processed large DNS replies in cases when no IPv6 resolver was present.
A remote attacker could provide a DNS reply with a large amount of data,
leading to denial of service (squid server crash).

Upstream bug report:

Relevant upstream changeset:


Could you allocate a CVE id for this issue?

Amos, Stephen, please correct me if some of [1] and [2] doesn't correspond to:

"One regression introduced with 3.1.6 when contacting IPv4-only DNS
resolvers opens a small but exploitable DoS vulnerability."

issue mentioned in [3].

Thanks && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team
