Date: Sat, 12 Dec 2009 01:00:15 -0600
From: Raphael Geissert <geissert@...ian.org>
To: oss-security@...ts.openwall.com
Subject: CVE request: polipo DoS via overly large "Content-Length" header

Hi,

A vulnerability has been found in polipo that allows a remote attacker to
crash the daemon via an overly large "Content-Length" header.

The vulnerability is caused by connection->reqlen (in client.c:
httpClientDiscardBody()) being a signed integer which can be overflowed,
turning it into a negative value which later leads to a segmentation fault
in the call to memmove.

References:
http://www.exploit-db.com/exploits/10338
http://bugs.debian.org/560779
http://secunia.com/advisories/37607/

Could a CVE be assigned?

Thanks in advance.

Regards
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
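
Added example, not part of the original message and not polipo's code: a sketch of the bug class described above, with a wrapping length parse next to a strict one and a bounds check placed before memmove. The names naive_parse, parse_content_length, discard_prefix and MAX_BODY are hypothetical, and the sample header value is constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BODY (1L << 30)  /* assumed policy cap, not a polipo constant */

/* Wrapping parse, for contrast: past INT_MAX the result goes negative
 * on the usual two's-complement targets. */
int naive_parse(const char *s)
{
    unsigned int n = 0;  /* unsigned keeps the wrap well defined in C */
    for (; *s >= '0' && *s <= '9'; s++)
        n = n * 10u + (unsigned int)(*s - '0');
    return (int)n;
}

/* Strict parse: 0 and *out set on success, -1 on anything suspicious. */
int parse_content_length(const char *s, long *out)
{
    char *end;
    long long n;
    if (*s < '0' || *s > '9') return -1;      /* "", "-1", "+1", " 1" */
    errno = 0;
    n = strtoll(s, &end, 10);
    if (errno == ERANGE || *end != '\0') return -1;  /* too big or trailing junk */
    if (n > MAX_BODY) return -1;
    *out = (long)n;
    return 0;
}

/* Drop `discard` bytes from the front of buf (*len valid bytes). */
int discard_prefix(char *buf, size_t *len, long discard)
{
    if (discard < 0 || (size_t)discard > *len) return -1;  /* guard before memmove */
    memmove(buf, buf + discard, *len - (size_t)discard);
    *len -= (size_t)discard;
    return 0;
}

int main(void)
{
    long v = 0;
    const char *big = "2147483648";  /* constructed sample: INT_MAX + 1 */
    printf("naive:  %d\n", naive_parse(big));
    printf("strict: %d\n", parse_content_length(big, &v));
    return 0;
}
```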