oss-sec mailing list archives
Re: CVE request: polipo DoS via overly large "Content-Length" header
From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 23 Dec 2009 18:10:27 -0500 (EST)
On Sat, 12 Dec 2009, Raphael Geissert wrote:
A vulnerability has been found in polipo that allows a remote attacker to crash the daemon via an overly large "Content-Length" header.
Use CVE-2009-4413, to be filled in later.Note: CVE-2009-3305 has been assigned to a separate crash using a malformed Cache-Control line, as documented in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=547047
- Steve
Current thread:
- CVE request: polipo DoS via overly large "Content-Length" header Raphael Geissert (Dec 12)
- Re: CVE request: polipo DoS via overly large "Content-Length" header Steven M. Christey (Dec 23)