Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2009-3305

Polipo 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a Cache-Control header that lacks a value for the max-age field, which triggers a segmentation fault in the httpParseHeaders function in http_parse.c, and possibly other unspecified vectors.

Related bugs and status

CVE-2009-3305 (Candidate) is related to these bugs:

Bug #533578: Port security patches for Polipo from Lucid to Karmic and below

Summary				In	Importance	Status
	533578	Port security patches for Polipo from Lucid to Karmic and below		polipo (Ubuntu)	Medium	Fix Released
	533578	Port security patches for Polipo from Lucid to Karmic and below		polipo (Ubuntu Karmic)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://bugs.debian.org...
CONFIRM: http://groups.google.c...
SECUNIA: 37607
BID: 37463
DEBIAN: DSA-2002
SECUNIA: 38647