Buffer overflow
Off-by-one error in src/http.c in CoreHTTP 0.5.3.1 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via an HTTP request with a long first line that triggers a buffer overflow. NOTE: this vulnerability reportedly exists because of an incorrect fix...
CVE-2007-4060
CVE-2007-4060 affects CoreHTTP (corehttp) 0.5.3alpha, with multiple buffer overflows in HttpSprockMake in http.c. An attacker could craft an HTTP request with a long method name or URI to trigger arbitrary code execution remotely. The NVD entry lists a high CVSS:2.0 base score of 9.0 (Network, Low a...