Pps.jussieu Polipo : Security vulnerabilities, CVEs

Copy

CVE-2009-4413

The httpClientDiscardBody function in client.c in Polipo 0.9.8, 0.9.12, 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a large Content-Length value, which triggers an integer overflow, a signed-to-unsigned conversion error with a negative value, and a segmentation fault.

Max CVSS

5.0

EPSS Score

3.40%

Published

2009-12-24

Updated

2010-02-26

CVE-2009-3305

Polipo 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a Cache-Control header that lacks a value for the max-age field, which triggers a segmentation fault in the httpParseHeaders function in http_parse.c, and possibly other unspecified vectors.

Max CVSS

5.0

EPSS Score

1.99%

Published

2009-12-24

Updated

2010-02-26

CVE-2008-7191

Unspecified vulnerability in Polipo before 1.0.4 allows remote attackers to cause a denial of service (crash) via a long request URL.

Max CVSS

5.0

EPSS Score

0.20%

Published

2009-09-09

Updated

2009-09-10

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!