CVE-2011-3205 [Medium] | Denial of Service in Squid

Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-02-14	76.04%	74.96%	-1.08%
2	2025-12-28	47.44%	76.04%	+28.60%
3	2025-12-27	—	47.44%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-02-14

76.04%

74.96%

-1.08%

2025-12-28

47.44%

76.04%

+28.60%

2025-12-27

—

47.44%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
6.8	2.0	MEDIUM	`AV:N/AC:M/Au:N/C:P/I:P/A:P` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:P) Partial availability impact.	8.6	6.4	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

6.8

2.0

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:P): Partial availability impact.

8.6

6.4

[email protected]

OS Trackers for CVE-2011-3205

vendor	priority	summary	link
`debian`	unimportant	CVE-2011-3205 unimportant priority: Debian including 1 source packages (squid), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2011-3205
`gentoo`	high	CVE-2011-3205: 1 GLSA(s) (201110-24), 1 atom(s) (net-proxy/squid); latest impact high.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2011-3205
`redhat`	medium	—	https://access.redhat.com/security/cve/CVE-2011-3205
`suse`	medium	CVE-2011-3205 severity moderate: SUSE including 3 source package names (squid3-3.1.12-8.10.1, squid3-3.1.12-8.12.1, squid3-3.1.23-8.16.30.1), 6 product×package rows across 6 product lines (SUSE Linux Enterprise Server 11 SP1-TERADATA, SUSE Linux Enterprise Server 11 SP2, … (6 product lines)): Fixed 6.	https://www.suse.com/security/cve/CVE-2011-3205/
`ubuntu`	medium	CVE-2011-3205 medium priority: Ubuntu including 2 source packages (squid, squid3), 12 status rows across 6 suites (hardy, lucid, maverick, natty, oneiric, upstream): released 6, not-affected 5, ignored 1.	https://ubuntu.com/security/CVE-2011-3205

Affected software / configurations for CVE-2011-3205

Vendor	Product	Version	Raw CPE
squid-cache	squid	3.0.stable1	cpe:2.3:a:squid-cache:squid:3.0.stable1:::::::*
squid-cache	squid	3.0.stable2	cpe:2.3:a:squid-cache:squid:3.0.stable2:::::::*
squid-cache	squid	3.0.stable3	cpe:2.3:a:squid-cache:squid:3.0.stable3:::::::*
squid-cache	squid	3.0.stable4	cpe:2.3:a:squid-cache:squid:3.0.stable4:::::::*
squid-cache	squid	3.0.stable5	cpe:2.3:a:squid-cache:squid:3.0.stable5:::::::*
squid-cache	squid	3.0.stable6	cpe:2.3:a:squid-cache:squid:3.0.stable6:::::::*
squid-cache	squid	3.0.stable7	cpe:2.3:a:squid-cache:squid:3.0.stable7:::::::*
squid-cache	squid	3.0.stable8	cpe:2.3:a:squid-cache:squid:3.0.stable8:::::::*
squid-cache	squid	3.0.stable9	cpe:2.3:a:squid-cache:squid:3.0.stable9:::::::*
squid-cache	squid	3.0.stable10	cpe:2.3:a:squid-cache:squid:3.0.stable10:::::::*
squid-cache	squid	3.0.stable11	cpe:2.3:a:squid-cache:squid:3.0.stable11:::::::*
squid-cache	squid	3.0.stable11	cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1::::::
squid-cache	squid	3.0.stable12	cpe:2.3:a:squid-cache:squid:3.0.stable12:::::::*
squid-cache	squid	3.0.stable13	cpe:2.3:a:squid-cache:squid:3.0.stable13:::::::*
squid-cache	squid	3.0.stable14	cpe:2.3:a:squid-cache:squid:3.0.stable14:::::::*
squid-cache	squid	3.0.stable15	cpe:2.3:a:squid-cache:squid:3.0.stable15:::::::*
squid-cache	squid	3.0.stable16	cpe:2.3:a:squid-cache:squid:3.0.stable16:::::::*
squid-cache	squid	3.0.stable16	cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1::::::
squid-cache	squid	3.0.stable17	cpe:2.3:a:squid-cache:squid:3.0.stable17:::::::*
squid-cache	squid	3.0.stable18	cpe:2.3:a:squid-cache:squid:3.0.stable18:::::::*
squid-cache	squid	3.0.stable19	cpe:2.3:a:squid-cache:squid:3.0.stable19:::::::*
squid-cache	squid	3.0.stable20	cpe:2.3:a:squid-cache:squid:3.0.stable20:::::::*
squid-cache	squid	3.0.stable21	cpe:2.3:a:squid-cache:squid:3.0.stable21:::::::*
squid-cache	squid	3.0.stable22	cpe:2.3:a:squid-cache:squid:3.0.stable22:::::::*
squid-cache	squid	3.0.stable23	cpe:2.3:a:squid-cache:squid:3.0.stable23:::::::*
squid-cache	squid	3.0.stable24	cpe:2.3:a:squid-cache:squid:3.0.stable24:::::::*
squid-cache	squid	3.0.stable25	cpe:2.3:a:squid-cache:squid:3.0.stable25:::::::*
squid-cache	squid	3.1	cpe:2.3:a:squid-cache:squid:3.1:::::::*
squid-cache	squid	3.1.0.1	cpe:2.3:a:squid-cache:squid:3.1.0.1:::::::*
squid-cache	squid	3.1.0.2	cpe:2.3:a:squid-cache:squid:3.1.0.2:::::::*
squid-cache	squid	3.1.0.3	cpe:2.3:a:squid-cache:squid:3.1.0.3:::::::*
squid-cache	squid	3.1.0.4	cpe:2.3:a:squid-cache:squid:3.1.0.4:::::::*
squid-cache	squid	3.1.0.5	cpe:2.3:a:squid-cache:squid:3.1.0.5:::::::*
squid-cache	squid	3.1.0.6	cpe:2.3:a:squid-cache:squid:3.1.0.6:::::::*
squid-cache	squid	3.1.0.7	cpe:2.3:a:squid-cache:squid:3.1.0.7:::::::*
squid-cache	squid	3.1.0.8	cpe:2.3:a:squid-cache:squid:3.1.0.8:::::::*
squid-cache	squid	3.1.0.9	cpe:2.3:a:squid-cache:squid:3.1.0.9:::::::*
squid-cache	squid	3.1.0.10	cpe:2.3:a:squid-cache:squid:3.1.0.10:::::::*
squid-cache	squid	3.1.0.11	cpe:2.3:a:squid-cache:squid:3.1.0.11:::::::*
squid-cache	squid	3.1.0.12	cpe:2.3:a:squid-cache:squid:3.1.0.12:::::::*
squid-cache	squid	3.1.0.13	cpe:2.3:a:squid-cache:squid:3.1.0.13:::::::*
squid-cache	squid	3.1.0.14	cpe:2.3:a:squid-cache:squid:3.1.0.14:::::::*
squid-cache	squid	3.1.0.15	cpe:2.3:a:squid-cache:squid:3.1.0.15:::::::*
squid-cache	squid	3.1.0.16	cpe:2.3:a:squid-cache:squid:3.1.0.16:::::::*
squid-cache	squid	3.1.0.17	cpe:2.3:a:squid-cache:squid:3.1.0.17:::::::*
squid-cache	squid	3.1.0.18	cpe:2.3:a:squid-cache:squid:3.1.0.18:::::::*
squid-cache	squid	3.1.1	cpe:2.3:a:squid-cache:squid:3.1.1:::::::*
squid-cache	squid	3.1.2	cpe:2.3:a:squid-cache:squid:3.1.2:::::::*
squid-cache	squid	3.1.3	cpe:2.3:a:squid-cache:squid:3.1.3:::::::*
squid-cache	squid	3.1.4	cpe:2.3:a:squid-cache:squid:3.1.4:::::::*
squid-cache	squid	3.1.5	cpe:2.3:a:squid-cache:squid:3.1.5:::::::*
squid-cache	squid	3.1.5.1	cpe:2.3:a:squid-cache:squid:3.1.5.1:::::::*
squid-cache	squid	3.1.6	cpe:2.3:a:squid-cache:squid:3.1.6:::::::*
squid-cache	squid	3.1.7	cpe:2.3:a:squid-cache:squid:3.1.7:::::::*
squid-cache	squid	3.1.8	cpe:2.3:a:squid-cache:squid:3.1.8:::::::*
squid-cache	squid	3.1.9	cpe:2.3:a:squid-cache:squid:3.1.9:::::::*
squid-cache	squid	3.1.10	cpe:2.3:a:squid-cache:squid:3.1.10:::::::*
squid-cache	squid	3.1.11	cpe:2.3:a:squid-cache:squid:3.1.11:::::::*
squid-cache	squid	3.1.12	cpe:2.3:a:squid-cache:squid:3.1.12:::::::*
squid-cache	squid	3.1.13	cpe:2.3:a:squid-cache:squid:3.1.13:::::::*
squid-cache	squid	3.1.14	cpe:2.3:a:squid-cache:squid:3.1.14:::::::*
squid-cache	squid	3.2.0.1	cpe:2.3:a:squid-cache:squid:3.2.0.1:::::::*
squid-cache	squid	3.2.0.2	cpe:2.3:a:squid-cache:squid:3.2.0.2:::::::*
squid-cache	squid	3.2.0.3	cpe:2.3:a:squid-cache:squid:3.2.0.3:::::::*
squid-cache	squid	3.2.0.4	cpe:2.3:a:squid-cache:squid:3.2.0.4:::::::*
squid-cache	squid	3.2.0.5	cpe:2.3:a:squid-cache:squid:3.2.0.5:::::::*
squid-cache	squid	3.2.0.6	cpe:2.3:a:squid-cache:squid:3.2.0.6:::::::*
squid-cache	squid	3.2.0.7	cpe:2.3:a:squid-cache:squid:3.2.0.7:::::::*
squid-cache	squid	3.2.0.8	cpe:2.3:a:squid-cache:squid:3.2.0.8:::::::*
squid-cache	squid	3.2.0.9	cpe:2.3:a:squid-cache:squid:3.2.0.9:::::::*
squid-cache	squid	3.2.0.10	cpe:2.3:a:squid-cache:squid:3.2.0.10:::::::*

References for CVE-2011-3205

URL	Tags
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
http://openwall.com/lists/oss-security/2011/08/29/2
http://openwall.com/lists/oss-security/2011/08/30/4
http://openwall.com/lists/oss-security/2011/08/30/8
http://secunia.com/advisories/45805	Vendor Advisory
http://secunia.com/advisories/45906
http://secunia.com/advisories/45920
http://secunia.com/advisories/45965
http://secunia.com/advisories/46029
http://securitytracker.com/id?1025981
http://www.debian.org/security/2011/dsa-2304
http://www.mandriva.com/security/advisories?name=MDVSA-2011:150
http://www.osvdb.org/74847
http://www.redhat.com/support/errata/RHSA-2011-1293.html
http://www.securityfocus.com/bid/49356
http://www.squid-cache.org/Advisories/SQUID-2011_3.txt
http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch	Patch
http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch	Patch
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch	Patch
http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch	Patch
https://bugzilla.redhat.com/show_bug.cgi?id=734583	Patch

URL

CVE-2011-3205

Exploit prediction scoring system (EPSS) score for CVE-2011-3205

Common vulnerability scoring system (CVSS) metrics for CVE-2011-3205

Weakness enumeration for CVE-2011-3205

OS Trackers for CVE-2011-3205

Affected software / configurations for CVE-2011-3205

References for CVE-2011-3205