Cxxtools, a collection of general-purpose C++ classes, was found to be affected by a DoS vulnerability, where a remote attacker could DoS the server by sending a crafted HTTP query parameter containing two percent signs in a row, which would make the URL parsing to enter an infinite recursive loop, leading to a crash. The issue is said to be fixed in cxxtools 2.2.1. References: http://seclists.org/oss-sec/2014/q1/112 http://www.tntnet.org/download/cxxtools-2.2.1/Releasenotes-2.2.1.html Commit: https://github.com/maekitalo/cxxtools/commit/142bb2589dc184709857c08c1e10570947c444e3
Created cxxtools tracking bugs for this issue: Affects: fedora-all [bug 1055375]
cxxtools-2.2.1-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
already fixed with cxxtools-2.2.1-1.fc20