CVE-2020-36420 — Vulnetix

CVE-2020-36420 PUBLISHED

Polipo through 1.1.1, when NDEBUG is omitted, allows denial of service via a reachable assertion during parsing of a malformed Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

EPSS 0.68% · 72.0th percentile

Risk Scores

EPSS Score

0.68%

72.0th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:18.04:LTS	polipo	0, 1.1.1-7, 1.1.1-8
Ubuntu:16.04:LTS	polipo	0, 1.1.1-7

Exploit Intelligence

https://bugs.gentoo.org/755896 (nist-nvd)
https://www.openwall.com/lists/oss-security/2020/11/18/1 (nist-nvd)
https://github.com/jech/polipo/commit/4d42ca1b5849518762d110f34b6ce2e03d6df9ec (circl)
[oss-security] 20210718 Re: Polipo: denial-of-service using range (circl)

Timeline

Jul 14, 2021 CVE Published
Jul 15, 2021 EPSS Score
Sep 13, 2021 EPSS Score
Nov 11, 2021 EPSS Score
Jan 10, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Mar 10, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Jul 8, 2022 EPSS Score
Sep 6, 2022 EPSS Score
Nov 5, 2022 EPSS Score
Jan 4, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2020-36420 third-party-advisory
https://www.openwall.com/lists/oss-security/2020/11/18/1 third-party-advisory
https://bugs.gentoo.org/755896 third-party-advisory
https://github.com/jech/polipo/commit/4d42ca1b5849518762d110f34b6ce2e03d6df9ec third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2020-36420 third-party-advisory

Open in Interactive Console →