Polipo 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a Cache-Control header that lacks a value for the max-age field, which triggers a segmentation fault in the httpParseHeaders function in http_parse.c, and possibly other unspecified vectors.
References
Configurations
Information
Published : 2009-12-24 08:30
Updated : 2010-02-25 23:08
NVD link : CVE-2009-3305
Mitre link : CVE-2009-3305
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
pps.jussieu
- polipo