VYPR

Polipo

by Polipo

CVEs (9)

  • CVE-2011-3596HigNov 26, 2019
    risk 0.53cvss 7.5epss 0.11

    Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request.

  • CVE-2021-38614HigAug 12, 2021
    risk 0.49cvss 7.5epss 0.01

    Polipo through 1.1.1, when NDEBUG is used, allows a heap-based buffer overflow during parsing of a Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

  • CVE-2020-36420HigJul 15, 2021
    risk 0.42cvss 7.5epss 0.02

    Polipo through 1.1.1, when NDEBUG is omitted, allows denial of service via a reachable assertion during parsing of a malformed Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

  • CVE-2009-4413Dec 24, 2009
    risk 0.04cvss epss 0.09

    The httpClientDiscardBody function in client.c in Polipo 0.9.8, 0.9.12, 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a large Content-Length value, which triggers an integer overflow, a signed-to-unsigned…

  • CVE-2009-3305Dec 24, 2009
    risk 0.04cvss epss 0.10

    Polipo 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a Cache-Control header that lacks a value for the max-age field, which triggers a segmentation fault in the httpParseHeaders function in http_parse.c, and…

  • CVE-2008-7191Sep 9, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Polipo before 1.0.4 allows remote attackers to cause a denial of service (crash) via a long request URL.

  • CVE-2007-4625Aug 31, 2007
    risk 0.00cvss epss 0.01

    Polipo before 1.0.2 allows remote HTTP servers to cause a denial of service (daemon crash) by aborting the response to a POST request.

  • CVE-2007-4626Aug 31, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Polipo before 1.0.2 allows remote attackers to cause a denial of service (daemon crash) via certain network traffic associated with entities larger than 2 Gb.

  • CVE-2005-3163Oct 6, 2005
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers to read files outside of the web root.