5553223297
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> |
||
|---|---|---|
| .. | ||
| 0001-Makefile-disable-always-building-statically.patch | ||
| 0002-CVE-2018-16789-fix-for-broken-multipart-form-data.patch | ||
| Config.in | ||
| shellinabox.hash | ||
| shellinabox.mk | ||