Package: cxxtools
Version: 2.2-1
Severity: important
Tags: security, fixed-upstream

Description: By sending a crafted HTTP query parameter containing two percent signs in a row, URL parsing would enter an infinite recursive loop, leading to a crash. This allows a remote attacker to DOS the server.

Affected versions: current releases (<= 2.2)
Fixed in version: 2.2.1
Fix: https://github.com/maekitalo/cxxtools/commit/142bb2589dc184709857c08c1e10570947c444e3
Release notes: http://www.tntnet.org/download/cxxtools-2.2.1/Releasenotes-2.2.1.markdown
Reported by: Julian Wiesener
CVE request: http://www.openwall.com/lists/oss-security/2014/01/18/5

---
Henri Salo
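
An added example, not code from cxxtools or from the upstream fix: a percent-decoder for query values that handles a doubled percent sign in one forward pass, without recursion. The names `decode_query_value`, `DecodeResult` and `hexval` are hypothetical, and keeping a malformed `%` as a literal character is an assumed policy.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical helper (not a cxxtools function): hex digit value, or -1.
static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

struct DecodeResult {
    std::string text;       // decoded value
    std::size_t malformed;  // '%' characters not followed by two hex digits
};

// Hypothetical decoder: a single forward loop with no recursion, so stack
// use is constant and the work is bounded by in.size() for any input.
DecodeResult decode_query_value(const std::string& in) {
    DecodeResult r{std::string(), 0};
    r.text.reserve(in.size());
    for (std::size_t i = 0; i < in.size(); ++i) {
        const char c = in[i];
        if (c == '+') {
            r.text += ' ';
        } else if (c != '%') {
            r.text += c;
        } else if (i + 2 < in.size() && hexval(in[i + 1]) >= 0 && hexval(in[i + 2]) >= 0) {
            r.text += static_cast<char>(hexval(in[i + 1]) * 16 + hexval(in[i + 2]));
            i += 2;  // consume both hex digits
        } else {
            // Malformed escape such as "%%" or a trailing "%4": keep the '%'
            // as a literal, count it, and let the loop look at the next
            // character on its own. Nothing is handed back to the parser.
            r.text += '%';
            ++r.malformed;
        }
    }
    return r;
}

int main() {
    // Constructed sample inputs, including the doubled percent sign.
    for (const char* s : {"a%20b+c", "q=%%", "x=%%41", "%4"}) {
        DecodeResult r = decode_query_value(s);
        std::cout << s << " -> " << r.text << " (malformed: " << r.malformed << ")\n";
    }
}
```

A server can use the `malformed` count to reject the request with a 400 response instead of accepting the literal.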