Launchpad CVE tracker

CVE 2011-4096

The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.

Related bugs and status

CVE-2011-4096 (Candidate) is related to these bugs:

Bug #907687: CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port

		In	Importance	Status
907687	CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port	squid3 (Ubuntu)	High	Fix Released
907687	CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port	squid3 (Ubuntu Lucid)	Undecided	Fix Released
907687	CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port	squid3 (Ubuntu Maverick)	Undecided	Fix Released
907687	CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port	squid3 (Ubuntu Oneiric)	Undecided	Fix Released
907687	CVE-2010-0639: DoS (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port	squid3 (Ubuntu Natty)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-4096

References