 |
|
|
|
| polipo proxy server DoS | | Published: |  | 22.02.2010 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 10640 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Crash on processing HTTP request and response headers. |
| Affected: |  | POLIPO : Polipo 0.9 | | | | POLIPO : Polipo 1.0 | | CVE: |  | CVE-2009-4413 (The httpClientDiscardBody function in client.c in Polipo 0.9.8, 0.9.12, 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a large Content-Length value, which triggers an integer overflow, a signed-to-unsigned conversion error with a negative value, and a segmentation fault.) | | | | CVE-2009-3305 (Polipo 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a Cache-Control header that lacks a value for the max-age field, which triggers a segmentation fault in the httpParseHeaders function in http_parse.c, and possibly other unspecified vectors.) |
|
|
|
|
|
|
|
|
