Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2009-4413

Published: 24/12/2009 Updated: 26/02/2010
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Polipo

Vulnerability Summary

The httpClientDiscardBody function in client.c in Polipo 0.9.8, 0.9.12, 1.0.4, and possibly other versions, allows remote malicious users to cause a denial of service (crash) via a request with a large Content-Length value, which triggers an integer overflow, a signed-to-unsigned conversion error with a negative value, and a segmentation fault.

Vulnerable Product Search on Vulmon Subscribe to Product

pps.jussieu polipo 0.9.12

pps.jussieu polipo 0.9.8

pps.jussieu polipo 1.0.4

Vendor Advisories

Debian CVElist Bug Report Logs: polipo: DoS via overly large "Content-Length" header
Debian Bug report logs - #560779 polipo: DoS via overly large "Content-Length" header Package: polipo; Maintainer for polipo is Debian QA Group <packages@qadebianorg>; Source for polipo is src:polipo (PTS, buildd, popcon) Reported by: Raphael Geissert <geissert@debianorg> Date: Sat, 12 Dec 2009 06:48:01 UTC Sever ...
Debian CVElist Bug Report Logs: polipo crashes when server reply contains "Cache-Control: max-age"
Debian Bug report logs - #547047 polipo crashes when server reply contains "Cache-Control: max-age" Package: polipo; Maintainer for polipo is Debian QA Group <packages@qadebianorg>; Source for polipo is src:polipo (PTS, buildd, popcon) Reported by: Stefan Fritsch <sf@sfritschde> Date: Wed, 16 Sep 2009 21:51:01 UTC ...
Debian Security Advisories: DSA-2002-1 polipo -- denial of service
Several denial of service vulnerabilities have been discovered in polipo, a small, caching web proxy The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3305 A malicous remote sever could cause polipo to crash by sending an invalid Cache-Control header CVE-2009-4143 A malicous client could cau ...

Exploits

Exploit DB: Polipo 1.0.4 - Remote Memory Corruption (PoC)
#!/usr/bin/perl # estrangedpl # AKA # Polipo 104 Remote Memory Corruption 0day PoC # # Jeremy Brown [0xjbrown41@gmailcom//jbrownsecblogspotcom//krakowlabscom] 12072009 # # ********************************************************************************************************* # # Hzzp loves you Polipo! # # No use reporting this issue to U ...

References

CWE-189http://www.openwall.com/lists/oss-security/2009/12/12/4http://secunia.com/advisories/37607http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560779http://www.exploit-db.com/exploits/10338http://www.securityfocus.com/bid/37463http://www.debian.org/security/2010/dsa-2002http://secunia.com/advisories/38647https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560779https://www.exploit-db.com/exploits/10338/https://www.debian.org/security/./dsa-2002
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injectionCVE-2024-30983CVE-2023-4235CVE-2024-21338privilegeencryptionCVE-2023-4232CVE-2024-31497CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook