CVE-2009-4413

Name of the Vulnerable Software and Affected Versions Polipo versions 0.9.8 through 1.0.4

Description The issue concerns multiple vulnerabilities in the Polipo package of the Debian GNU/Linux operating system, which can be exploited remotely to disrupt the availability of protected information. Specifically, the httpClientDiscardBody function in client.c is vulnerable to a denial of service (crash) via a request with a large Content-Length value, triggering an integer overflow, a signed-to-unsigned conversion error with a negative value, and a segmentation fault.

Recommendations For Polipo versions 0.9.8 through 1.0.4, consider disabling the httpClientDiscardBody function as a temporary workaround until a patch is available. Restrict access to the client.c module to minimize the risk of exploitation. Avoid using the Content-Length parameter in affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.