oss-sec mailing list archives
CVE request: polipo DoS via overly large "Content-Length" header
From: Raphael Geissert <geissert () debian org>
Date: Sat, 12 Dec 2009 01:00:15 -0600
Hi,

A vulnerability has been found in polipo that allows a remote attacker to crash the daemon via an overly large "Content-Length" header.

The vulnerability is caused by connection->reqlen (in client.c: httpClientDiscardBody()) being a signed integer which can be overflowed turning it into a negative value which later leads to a segmentation fault in the call to memmove.

References:
http://www.exploit-db.com/exploits/10338
http://bugs.debian.org/560779
http://secunia.com/advisories/37607/

Could a CVE be assigned?

Thanks in advance.

Regards
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
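The bug class described in the message above, shown from the defensive side as an added example (not polipo's code and not part of the original post): a Content-Length parser that rejects values before they can wrap a signed length, and a discard routine that refuses a negative count ahead of memmove. The names parse_content_length, discard_body and MAX_BODY_LEN are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical cap on the body size this example accepts (assumption). */
#define MAX_BODY_LEN (64L * 1024 * 1024)

/* Parse a Content-Length value. Returns 0 and stores the length on success,
   -1 on empty input, any non-digit, or a value above MAX_BODY_LEN. */
int parse_content_length(const char *s, long *out)
{
    long v = 0;
    if (s == NULL || *s == '\0')
        return -1;
    for (; *s != '\0'; s++) {
        if (*s < '0' || *s > '9')
            return -1;                    /* also rejects a leading '-' */
        int d = *s - '0';
        if (v > (MAX_BODY_LEN - d) / 10)  /* test before multiplying: no wrap */
            return -1;
        v = v * 10 + d;
    }
    *out = v;
    return 0;
}

/* Drop up to `remaining` body bytes from the front of buf, which holds *have
   bytes. Returns the body bytes still to come, or -1 for a negative count. */
long discard_body(char *buf, size_t *have, long remaining)
{
    if (remaining < 0)
        return -1;                        /* never pass a negative size on */
    size_t n = (size_t)remaining < *have ? (size_t)remaining : *have;
    memmove(buf, buf + n, *have - n);     /* n <= *have, so no underflow */
    *have -= n;
    return remaining - (long)n;
}

int main(void)
{
    /* Constructed header values, not taken from any real capture. */
    const char *samples[] = { "10", "2147483648", "99999999999999999999", "-1" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long len = 0;
        int rc = parse_content_length(samples[i], &len);
        printf("%-22s -> %s\n", samples[i], rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```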