oss-sec mailing list archives

Re: HAVP 0.89 fixes a crash

From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 14 Aug 2008 17:01:57 -0400 (EDT)


======================================================
Name: CVE-2008-3688
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3688
Reference: MLIST:[havp-devel] 20080715 Infinite loop which causes havp to block completely
Reference: URL:https://sourceforge.net/mailarchive/message.php?msg_name=487CDF51.5060201%40endian.com
Reference: CONFIRM:http://www.server-side.de/index.htm

sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote
attackers to cause a denial of service (hang) by connecting to a
non-responsive server, which triggers an infinite loop due to an
uninitialized variable.

Current thread:

HAVP 0.89 fixes a crash Raphael Marichez (Aug 14)
- Re: HAVP 0.89 fixes a crash Steven M. Christey (Aug 14)