[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [libmicrohttpd] [PATCH] Check response existence on upgrade

From: José Bollo
Subject: Re: [libmicrohttpd] [PATCH] Check response existence on upgrade
Date: Fri, 5 May 2017 10:23:13 +0200

On Thu, 4 May 2017 23:36:23 +0300
Evgeny Grin <address@hidden> wrote:

> Thanks! Applied.

Hello Evgeny,

After thinking about the issue, I guess that it is a serious

I guess that a simple curl request to a server running 0.52 or 0.53 can
raise the SEGV.

IMHO if 


returns a 404 error

 curl -H "Connection: Upgrade"

would raise the issue.

I'll let you conclude but a CVE is probably a good idea.

Best regards

reply via email to

[Prev in Thread] Current Thread [Next in Thread]