Name | CVE-2007-6000 |
Description | KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service (crash) via large HTTP cookie parameters. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Debian Bugs | 451794 |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
kdebase | source | (unstable) | (unfixed) | unimportant | | 451794 |
Notes
not reproducible with 4:3.5.8.dfsg.1-1, poked maintainer
it seems konqueror only treats the cookie value up to some special length
as a cookie; after this length it will open the rest as site content. This eats a lot of
RAM and CPU, but depending on how much RAM the system has, konqueror will die after
no memory is left; not treated as a security problem.