Computer Security
[EN] securityvulns.ru no-pyccku


polipo proxy server DoS
Published:22.02.2010
Source:
SecurityVulns ID:10640
Type:remote
Threat Level:
5/10
Description:Crash on processing HTTP request and response headers.
Affected:POLIPO : Polipo 0.9
 POLIPO : Polipo 1.0
CVE:CVE-2009-4413 (The httpClientDiscardBody function in client.c in Polipo 0.9.8, 0.9.12, 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a large Content-Length value, which triggers an integer overflow, a signed-to-unsigned conversion error with a negative value, and a segmentation fault.)
 CVE-2009-3305 (Polipo 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a Cache-Control header that lacks a value for the max-age field, which triggers a segmentation fault in the httpParseHeaders function in http_parse.c, and possibly other unspecified vectors.)
Original documentdocumentDEBIAN, [SECURITY] [DSA-2002-1] New polipo packages fix denial of service (22.02.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod