mirror of
https://git.busybox.net/buildroot.git
synced 2024-12-12 06:43:43 +08:00
5553223297
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> |
||
---|---|---|
.. | ||
0001-Makefile-disable-always-building-statically.patch | ||
0002-CVE-2018-16789-fix-for-broken-multipart-form-data.patch | ||
Config.in | ||
shellinabox.hash | ||
shellinabox.mk |