Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2009-4413

The httpClientDiscardBody function in client.c in Polipo 0.9.8, 0.9.12, 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a large Content-Length value, which triggers an integer overflow, a signed-to-unsigned conversion error with a negative value, and a segmentation fault.

Related bugs and status

CVE-2009-4413 (Candidate) is related to these bugs:

Bug #533578: Port security patches for Polipo from Lucid to Karmic and below

Summary				In	Importance	Status
	533578	Port security patches for Polipo from Lucid to Karmic and below		polipo (Ubuntu)	Medium	Fix Released
	533578	Port security patches for Polipo from Lucid to Karmic and below		polipo (Ubuntu Karmic)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2009121...
CONFIRM: http://bugs.debian.org...
SECUNIA: 37607
BID: 37463
DEBIAN: DSA-2002
SECUNIA: 38647
EXPLOIT-DB: 10338