projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2914843) | patch
package/shellinabox: fix CVE-2018-16789
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Sat, 29 Feb 2020 22:55:11 +0000 (23:55 +0100)
committerYann E. MORIN <yann.morin.1998@free.fr>
Sun, 1 Mar 2020 07:36:09 +0000 (08:36 +0100)
commit5553223297a5ef07220ab5b45bf48973f7166950
treec63604e9c0ea0b29751196738427fae8cc10e35btree
parent2914843b394cf905f8bec98a23ba44c692f4b862commit | diff
package/shellinabox: fix CVE-2018-16789

libhttp/url.c in shellinabox through 2.20 has an implementation flaw in
the HTTP request parsing logic. By sending a crafted multipart/form-data
HTTP request, an attacker could exploit this to force shellinaboxd into
an infinite loop, exhausting available CPU resources and taking the
service down.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
package/shellinabox/0002-CVE-2018-16789-fix-for-broken-multipart-form-data.patch [new file with mode: 0644] blob
package/shellinabox/shellinabox.mk diff | blob | history