{"id":"CVE-2009-3305","details":"Polipo 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a Cache-Control header that lacks a value for the max-age field, which triggers a segmentation fault in the httpParseHeaders function in http_parse.c, and possibly other unspecified vectors.","modified":"2024-06-04T04:00:19Z","published":"2009-12-24T16:30:00Z","withdrawn":"2024-06-30T15:58:30.884569Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/37607"},{"type":"ADVISORY","url":"http://secunia.com/advisories/38647"},{"type":"ADVISORY","url":"http://www.debian.org/security/2010/dsa-2002"},{"type":"WEB","url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=547047"},{"type":"WEB","url":"http://groups.google.com/group/linux.debian.bugs.dist/browse_thread/thread/dca6877a8117f0df"},{"type":"WEB","url":"http://www.securityfocus.com/bid/37463"}],"affected":[{"package":{"name":"polipo","ecosystem":"Debian:10","purl":"pkg:deb/debian/polipo?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.4-1.1"}]}],"ecosystem_specific":{"urgency":"low"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2009-3305.json"}}],"schema_version":"1.7.3"}