Polipo
by Polipo
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-3596 | Hig | 0.53 | 7.5 | 0.11 | Nov 26, 2019 | Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request. | ||
| CVE-2021-38614 | Hig | 0.49 | 7.5 | 0.01 | Aug 12, 2021 | Polipo through 1.1.1, when NDEBUG is used, allows a heap-based buffer overflow during parsing of a Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||
| CVE-2020-36420 | Hig | 0.42 | 7.5 | 0.02 | Jul 15, 2021 | Polipo through 1.1.1, when NDEBUG is omitted, allows denial of service via a reachable assertion during parsing of a malformed Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||
| CVE-2009-4413 | 0.04 | — | 0.09 | Dec 24, 2009 | The httpClientDiscardBody function in client.c in Polipo 0.9.8, 0.9.12, 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a large Content-Length value, which triggers an integer overflow, a signed-to-unsigned… | |||
| CVE-2009-3305 | 0.04 | — | 0.10 | Dec 24, 2009 | Polipo 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a Cache-Control header that lacks a value for the max-age field, which triggers a segmentation fault in the httpParseHeaders function in http_parse.c, and… | |||
| CVE-2008-7191 | 0.00 | — | 0.01 | Sep 9, 2009 | Unspecified vulnerability in Polipo before 1.0.4 allows remote attackers to cause a denial of service (crash) via a long request URL. | |||
| CVE-2007-4625 | 0.00 | — | 0.01 | Aug 31, 2007 | Polipo before 1.0.2 allows remote HTTP servers to cause a denial of service (daemon crash) by aborting the response to a POST request. | |||
| CVE-2007-4626 | 0.00 | — | 0.01 | Aug 31, 2007 | Unspecified vulnerability in Polipo before 1.0.2 allows remote attackers to cause a denial of service (daemon crash) via certain network traffic associated with entities larger than 2 Gb. | |||
| CVE-2005-3163 | 0.00 | — | 0.01 | Oct 6, 2005 | Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers to read files outside of the web root. |
- risk 0.53cvss 7.5epss 0.11
Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request.
- risk 0.49cvss 7.5epss 0.01
Polipo through 1.1.1, when NDEBUG is used, allows a heap-based buffer overflow during parsing of a Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
- risk 0.42cvss 7.5epss 0.02
Polipo through 1.1.1, when NDEBUG is omitted, allows denial of service via a reachable assertion during parsing of a malformed Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
- CVE-2009-4413Dec 24, 2009risk 0.04cvss —epss 0.09
The httpClientDiscardBody function in client.c in Polipo 0.9.8, 0.9.12, 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a large Content-Length value, which triggers an integer overflow, a signed-to-unsigned…
- CVE-2009-3305Dec 24, 2009risk 0.04cvss —epss 0.10
Polipo 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a Cache-Control header that lacks a value for the max-age field, which triggers a segmentation fault in the httpParseHeaders function in http_parse.c, and…
- CVE-2008-7191Sep 9, 2009risk 0.00cvss —epss 0.01
Unspecified vulnerability in Polipo before 1.0.4 allows remote attackers to cause a denial of service (crash) via a long request URL.
- CVE-2007-4625Aug 31, 2007risk 0.00cvss —epss 0.01
Polipo before 1.0.2 allows remote HTTP servers to cause a denial of service (daemon crash) by aborting the response to a POST request.
- CVE-2007-4626Aug 31, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in Polipo before 1.0.2 allows remote attackers to cause a denial of service (daemon crash) via certain network traffic associated with entities larger than 2 Gb.
- CVE-2005-3163Oct 6, 2005risk 0.00cvss —epss 0.01
Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers to read files outside of the web root.