]> git.ipfire.org Git - thirdparty/asterisk.git/commit
projects / thirdparty / asterisk.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0c01442) | patch
AST-2014-001: Stack overflow in HTTP processing of Cookie headers.
authorRichard Mudgett <rmudgett@digium.com>
Mon, 10 Mar 2014 17:09:42 +0000 (17:09 +0000)
committerRichard Mudgett <rmudgett@digium.com>
Mon, 10 Mar 2014 17:09:42 +0000 (17:09 +0000)
commit771a703366af09a144ffa22d9fa7fb3930d56345
tree69679f3d1476e225c7ac5dce72d71e94d8ad5307tree | snapshot
parent0c014422c15a92df42011255cb40c20c29323154commit | diff
AST-2014-001: Stack overflow in HTTP processing of Cookie headers.

Sending a HTTP request that is handled by Asterisk with a large number of
Cookie headers could overflow the stack.

Another vulnerability along similar lines is any HTTP request with a
ridiculous number of headers in the request could exhaust system memory.

(closes issue ASTERISK-23340)
Reported by: Lucas Molas, researcher at Programa STIC, Fundacion; and Dr. Manuel Sadosky, Buenos Aires, Argentina
........

Merged revisions 410380 from http://svn.asterisk.org/svn/asterisk/branches/1.8

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@410381 65c4cc65-6c06-0410-ace0-fbb531ad65f3
main/http.c diff | blob | blame | history
Mirror of https://github.com/asterisk/asterisk.git