wget HTTP integer overflow(CVE-2017-13089)

That’s an interesting vulnerability in GNU wget. According to the wget project, this was reported by Antti Levomäki, Christian Jalio, Joonas Pihlaja of Forcepoint as well as Juhani Eronen of the Finnish National Cyber Security Centre. The vulnerability is in src/http.c source code file and more...

CVE-2017-13089

The http.c:skipshortbody function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then...

CVE-2017-13089

Summary: CVE-2017-13089 affects wget prior to 1.19.2. The issue is a stack-based buffer overflow in the HTTP protocol handling for chunked responses, caused by parsing chunk lengths with strtol() without enforcing non-negativity, leading to an attacker-controlled length passed to fd_read(). A rel...

CVE-2017-13089

The http.c:skipshortbody function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then...

CVE-2017-13089

The http.c:skipshortbody function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then...

GoAhead Denial of Service Vulnerability

GoAhead is the United States Embedthis company a small embedded Web server , it supports embedded in a variety of devices and applications . A denial of service vulnerability exists in the 'websDecodeUrl' function of the http.c file in GoAhead versions 3.4.0 through 3.6.5. An attacker can exploit...

Null pointer dereference

GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request...

CVE-2017-14149

GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request...

Remote Code Execution (RCE)

ffmpeg is vulnerable to remote code execution RCE. Wrong usage of strtoll in the httpreadstream function in http.c passes a negative chunksize in chunk encoding. Therefore, it leads to a buffer overflow allocated next to the AVIOContext structure which eventually causes rip control and then code...

CVE-2012-6128

Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service application crash via a long 1 hostname, 2 path, or 3 cookie list in a response...

UBUNTU-CVE-2012-6128

Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service application crash via a long 1 hostname, 2 path, or 3 cookie list in a response...

CVE-2012-6128

Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service application crash via a long 1 hostname, 2 path, or 3 cookie list in a response...

CVE-2012-6128

Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service application crash via a long 1 hostname, 2 path, or 3 cookie list in a response...

CoreHTTP 'src/http.c ' Buffer Overflow Vulnerability

CoreHTTP is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service. This issue...

CVE-2008-4829

Multiple buffer overflows in lib/http.c in Streamripper 1.63.5 allow remote attackers to execute arbitrary code via 1 a long "Zwitterion v" HTTP header, related to the httpparsescheader function; 2 a crafted pls playlist with a long entry, related to the httpgetpls function; or 3 a crafted m3u...

Streamripper lib/http.c文件多个缓冲区溢出漏洞

BUGTRAQ ID: 32356 CVECAN ID: CVE-2008-4829 StreamRipper能够将网上的MP3流媒体保存到硬盘中，特别适合录制网络MP3广播。 Streamripper的lib/http.c文件中的httpparsescheader函数在解析以Zwitterion v开始的超长HTTP头时、httpgetpls函数在解析包含有超长项的特制pls播放列表时、httpgetm3u函数在解析包含有超长File项的特制m3u播放列表时存在缓冲区溢出漏洞。如果用户受骗连接到了恶意的服务器并加载了恶意的媒体文件的话，就可以触发这些溢出，导致执行任意指令。...

CoreHTTP http.c远程缓冲区溢出漏洞

BUGTRAQ ID: 25120 CoreHTTP是一款小型的Web服务器。 CoreHTTP在处理超长用户请求时存在缓冲区溢出漏洞，远程攻击者可能利用此漏洞控制服务器。 CoreHTTP的http.c文件中存在缓冲区溢出漏洞： ----------------------------------------------------------------------- struct sprockt HttpSprockMakestruct sprockt parentsprock struct sprockt sprocket; char reqPATHSIZE,...

CVE-2007-4060

CVE-2007-4060 affects CoreHTTP (corehttp) 0.5.3alpha, with multiple buffer overflows in HttpSprockMake in http.c. An attacker could craft an HTTP request with a long method name or URI to trigger arbitrary code execution remotely. The NVD entry lists a high CVSS:2.0 base score 9.0 (Network, Low a...

CVE-2005-0241

The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size...

CVE-2005-0241

The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size...