CVE-2009-3305

Name of the Vulnerable Software and Affected Versions Polipo version 1.0.4

Description The issue allows remote attackers to cause a denial of service, potentially leading to a crash, via a request with a Cache-Control header that lacks a value for the max-age field. This triggers a segmentation fault in the httpParseHeaders function in http parse.c. There are possibly other unspecified vectors for this issue. The exploitation of these vulnerabilities can lead to disruption of protected information and can be carried out remotely.

Recommendations For Polipo version 1.0.4, consider disabling the httpParseHeaders function in http parse.c as a temporary workaround until a patch is available. Restrict access to the Cache-Control header to minimize the risk of exploitation. Avoid using the max-age field without a value in the Cache-Control header until the issue is resolved.