Vulnerability Details CVE-2020-36420
Polipo through 1.1.1, when NDEBUG is omitted, allows denial of service via a reachable assertion during parsing of a malformed Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 4.3
References
- http://www.openwall.com/lists/oss-security/2021/07/18/1
- https://bugs.gentoo.org/755896
- https://github.com/jech/polipo/commit/4d42ca1b5849518762d110f34b6ce2e03d6df9ec
- https://www.openwall.com/lists/oss-security/2020/11/18/1
- http://www.openwall.com/lists/oss-security/2021/07/18/1
- https://bugs.gentoo.org/755896
- https://github.com/jech/polipo/commit/4d42ca1b5849518762d110f34b6ce2e03d6df9ec
- https://www.openwall.com/lists/oss-security/2020/11/18/1
Products affected by CVE-2020-36420
-
cpe:2.3:a:polipo_project:polipo:0.9.2
-
cpe:2.3:a:polipo_project:polipo:0.9.3
-
cpe:2.3:a:polipo_project:polipo:0.9.4
-
cpe:2.3:a:polipo_project:polipo:0.9.5
-
cpe:2.3:a:polipo_project:polipo:0.9.99.0
-
cpe:2.3:a:polipo_project:polipo:0.9.99.1
-
cpe:2.3:a:polipo_project:polipo:0.9.99.2
-
cpe:2.3:a:polipo_project:polipo:1.0.0
-
cpe:2.3:a:polipo_project:polipo:1.0.1
-
cpe:2.3:a:polipo_project:polipo:1.0.2
-
cpe:2.3:a:polipo_project:polipo:1.0.3
-
cpe:2.3:a:polipo_project:polipo:1.0.4
-
cpe:2.3:a:polipo_project:polipo:1.0.4.1
-
cpe:2.3:a:polipo_project:polipo:1.1.0
-
cpe:2.3:a:polipo_project:polipo:1.1.1