CVE-2009-4413
The httpClientDiscardBody function in client.c in Polipo 0.9.8, 0.9.12, 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a large Content-Length value, which triggers an integer overflow, a signed-to-unsigned conversion error with a negative value, and a segmentation fault.
Affected products
n/a · n/a
Public PoCs found — 2
cve_reference: www.exploit-db.com/exploits/10338 (unverified)
exploitdb: www.exploit-db.com/exploits/10338 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560779
http://secunia.com/advisories/37607
http://secunia.com/advisories/38647
http://www.debian.org/security/2010/dsa-2002
http://www.exploit-db.com/exploits/10338
http://www.openwall.com/lists/oss-security/2009/12/12/4
http://www.securityfocus.com/bid/37463