Andrew Bishop WWWOFFLE Negative Content-Length Buffer Overflow Vulnerability

A buffer overflow vulnerability has been reported for version 2.7b of WWWOFFLE. Reportedly, when wwwoffled receives a negative value for the Content-Length of a response, it will crash while trying to allocate memory.

A malicious web server may misrepresent the Content-length of a response, and will cause wwwoffle to crash. Remote execution of arbitrary code may be possible.


Privacy Statement
Copyright 2010, SecurityFocus