Description

The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.

Remediation

References

CVE-2011-4096

Related Vulnerabilities

MySQL Improper Authentication Vulnerability (CVE-2012-2122)

WordPress Plugin Bad Behavior Multiple Vulnerabilities (2.2.18)

Java Unspesificed Vulnerability (CVE-2018-2972)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-0618)

Jetty Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-28169)

Severity

Medium

Classification

CVE-2011-4096

Tags

Missing Update Known Vulnerabilities