CVE-2010-2951 - Vulnerability Details - OpenCVE

dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.55183.

Key SSVC decision points have not yet been added.

Vendors	Products
Squid-cache	Squid

Configuration 1 [-]

cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072
http://bugs.gentoo.org/show_bug.cgi?id=334263
http://bugs.squid-cache.org/show_bug.cgi?id=3009
http://bugs.squid-cache.org/show_bug.cgi?id=3021
http://marc.info/?l=squid-users&m=128263555724981&w=2
http://www.openwall.com/lists/oss-security/2010/08/24/6
http://www.openwall.com/lists/oss-security/2010/08/24/7
http://www.openwall.com/lists/oss-security/2010/08/25/2
http://www.openwall.com/lists/oss-security/2010/08/25/6
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10072.patch
https://bugzilla.redhat.com/show_bug.cgi?id=626927
https://nvd.nist.gov/vuln/detail/CVE-2010-2951
https://www.cve.org/CVERecord?id=CVE-2010-2951

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2010-10-12T20:00:00Z

Updated: 2024-08-07T02:55:45.461Z

Reserved: 2010-08-04T00:00:00Z

Link: CVE-2010-2951

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-10-12T21:00:01.710

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-2951

Redhat

Severity : Low

Publid Date: 2010-08-18T00:00:00Z

Links: CVE-2010-2951 - Bugzilla

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2010-10-12T20:00:00Z"}, "references": [{"name": "[oss-security] 20100825 Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/08/25/6"}, {"name": "[oss-security] 20100825 Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/08/24/7"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.squid-cache.org/show_bug.cgi?id=3009"}, {"name": "[squid-users] 20100824 Squid 3.1.7 is available", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=squid-users&m=128263555724981&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=626927"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.squid-cache.org/show_bug.cgi?id=3021"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=334263"}, {"name": "[oss-security] 20100824 CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/08/24/6"}, {"name": "[oss-security] 20100825 Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/08/25/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10072.patch"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:55:45.461Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20100825 Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/08/25/6"}, {"name": "[oss-security] 20100825 Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/08/24/7"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.squid-cache.org/show_bug.cgi?id=3009"}, {"name": "[squid-users] 20100824 Squid 3.1.7 is available", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=squid-users&m=128263555724981&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=626927"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.squid-cache.org/show_bug.cgi?id=3021"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=334263"}, {"name": "[oss-security] 20100824 CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/08/24/6"}, {"name": "[oss-security] 20100825 Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/08/25/2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10072.patch"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-2951", "state": "PUBLISHED", "dateReserved": "2010-08-04T00:00:00Z", "datePublished": "2010-10-12T20:00:00Z", "dateUpdated": "2024-08-07T02:55:45.461Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E3AB229E-2C32-410B-BFE2-62DCA734C3F3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set."}, {"lang": "es", "value": "dns_internal.cc en Squid 3.1.6, cuando la resoluci\u00f3n DNS IPv6 no est\u00e1 habilitada, accede a un socket inv\u00e1lido durante una petici\u00f3n DNS TCP IPv4, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (por falta de confirmaci\u00f3n y salida del demonio) mediante vectores que disparan una respuesta DNS IPv4 con el bit TC configurado."}], "id": "CVE-2010-2951", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-10-12T21:00:01.710", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072"}, {"source": "secalert@redhat.com", "url": "http://bugs.gentoo.org/show_bug.cgi?id=334263"}, {"source": "secalert@redhat.com", "url": "http://bugs.squid-cache.org/show_bug.cgi?id=3009"}, {"source": "secalert@redhat.com", "url": "http://bugs.squid-cache.org/show_bug.cgi?id=3021"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://marc.info/?l=squid-users&m=128263555724981&w=2"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/08/24/6"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/08/24/7"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2010/08/25/2"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/08/25/6"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10072.patch"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=626927"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=334263"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.squid-cache.org/show_bug.cgi?id=3009"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.squid-cache.org/show_bug.cgi?id=3021"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://marc.info/?l=squid-users&m=128263555724981&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/08/24/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/08/24/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2010/08/25/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/08/25/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10072.patch"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=626927"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}