On Thu, 4 May 2017 23:36:23 +0300 Evgeny Grin <k...@yandex.ru> wrote:
> Thanks! Applied. > Hello Evgeny, After thinking about the issue, I guess that it is a serious vulnerability. I guess that a simple curl request to a server running 0.52 or 0.53 can raise the SEGV. IMHO if curl http://www.myserver.org/path-to-404 returns a 404 error curl -H "Connection: Upgrade" http://www.myserver.org/path-to-404 would raise the issue. I'll let you conclude but a CVE is probably a good idea. Best regards José
