CVE-2009-3305

Description

Polipo 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a Cache-Control header that lacks a value for the max-age field, which triggers a segmentation fault in the httpParseHeaders function in http_parse.c, and possibly other unspecified vectors.

Affected packages (2)

• Debian/polipofrom 0, < 1.0.4-1.1
• Debian/polipofrom 0, < 1.0.4-1+lenny1

References (6)

• ADVISORYhttp://secunia.com/advisories/37607
• ADVISORYhttp://secunia.com/advisories/38647
• ADVISORYhttp://www.debian.org/security/2010/dsa-2002
• WEBhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=547047
• WEBhttp://groups.google.com/group/linux.debian.bugs.dist/browse_thread/thread/dca6877a8117f0df
• WEBhttp://www.securityfocus.com/bid/37463