[Secure-testing-team] Bug#496034: CVE-2008-3688: DoS by infinite loop
Steffen Joeris
steffen.joeris at skolelinux.de
Fri Aug 22 08:22:36 UTC 2008
Package: havp
Severity: grave
Tags: security, patch
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for havp.
CVE-2008-3688[0]:
| sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote
| attackers to cause a denial of service (hang) by connecting to a
| non-responsive server, which triggers an infinite loop due to an
| uninitialized variable.
You'll find a patch here[1].
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
Cheers
Steffen
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3688
http://security-tracker.debian.net/tracker/CVE-2008-3688
[1] http://bugs.endian.it/view.php?id=1129
More information about the Secure-testing-team
mailing list