Polipo · Polipo · CVE-2020-36420
**Name of the Vulnerable Software and Affected Versions**
Polipo versions 1.1.1 and earlier
**Description**
The issue is related to improper use of the `assert()` function in the Polipo proxy server, which allows a remote attacker to cause a denial of service. A malformed Range header in a request triggers a reachable assertion when the server parses it. The vulnerability only affects products that are no longer supported by the maintainer.
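The bug class described above, shown as an added example that is not Polipo's source code: a hypothetical parser for the closed form `bytes=FROM-TO` only, first with assertions on request-derived values, then with the same conditions handled as per-request errors. The function names and the simplified header grammar are assumptions made for illustration.

```c
#include <assert.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical parser for "bytes=FROM-TO"; NOT Polipo's source. */

/* Anti-pattern: assert() guards request-controlled input, so a bad
 * header aborts the whole proxy process instead of failing one request. */
int parse_range_asserting(const char *hdr, long *from, long *to)
{
    char *end;
    assert(strncmp(hdr, "bytes=", 6) == 0);
    *from = strtol(hdr + 6, &end, 10);
    assert(*end == '-');
    *to = strtol(end + 1, &end, 10);
    assert(*from >= 0 && *to >= *from);   /* reachable from the network */
    return 0;
}

/* Hardened form: every input-dependent condition is a checked error.
 * Returns 0 on success, -1 if the header must be rejected or ignored.
 * Outputs are written only on success. */
int parse_range_checked(const char *hdr, long *from, long *to)
{
    char *end;
    long a, b;

    if (hdr == NULL || strncmp(hdr, "bytes=", 6) != 0)
        return -1;
    const char *p = hdr + 6;
    if (*p < '0' || *p > '9')             /* no sign, space or empty start */
        return -1;
    errno = 0;
    a = strtol(p, &end, 10);
    if (errno == ERANGE || *end != '-')
        return -1;
    p = end + 1;
    if (*p < '0' || *p > '9')
        return -1;
    errno = 0;
    b = strtol(p, &end, 10);
    if (errno == ERANGE || *end != '\0' || b < a)
        return -1;
    *from = a;
    *to = b;
    return 0;
}
```

A caller of the checked form can drop the header or answer the single request with an error on `-1`, so one bad request no longer stops service for every client.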
**Recommendations**
For Polipo versions 1.1.1 and earlier, consider disabling the parsing of Range headers as a temporary workaround until a patch is available. Restrict access to the proxy server to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.