CVE-2009-4413
Polipo <1.0.4 - DoS
The httpClientDiscardBody function in client.c in Polipo 0.9.8, 0.9.12, 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a large Content-Length value, which triggers an integer overflow, a signed-to-unsigned conversion error with a negative value, and a segmentation fault.
Exploits (1)
exploitdb · WORKING POC · VERIFIED
by Jeremy Brown · perl · dos · linux
https://www.exploit-db.com/exploits/10338
References (7)
Scores
EPSS: 0.1241
EPSS Percentile: 93.9%
Details
CWE: CWE-189
Status: published
Products (3)
pps.jussieu/polipo 0.9.8
pps.jussieu/polipo 0.9.12
pps.jussieu/polipo 1.0.4
Published: Dec 24, 2009
Tracked Since: Feb 18, 2026