Steffen Joeris
2008-Aug-22 08:22 UTC
[Secure-testing-team] Bug#496034: CVE-2008-3688: DoS by infinite loop
Package: havp
Severity: grave
Tags: security, patch
Justification: user security hole

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for havp.

CVE-2008-3688[0]:
| sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote
| attackers to cause a denial of service (hang) by connecting to a
| non-responsive server, which triggers an infinite loop due to an
| uninitialized variable.

You'll find a patch here[1].

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3688
    http://security-tracker.debian.net/tracker/CVE-2008-3688
[1] http://bugs.endian.it/view.php?id=1129