Search CVE reports
1 – 6 of 6 results
CVE-2023-49606
Medium prioritySome fixes available 1 of 5
A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption...
1 affected package
tinyproxy
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tinyproxy | Vulnerable | Vulnerable | Vulnerable | Not affected | Not affected |
CVE-2022-40468
Medium prioritySome fixes available 4 of 8
Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function.
1 affected package
tinyproxy
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tinyproxy | Not affected | Fixed | Fixed | Fixed | Fixed |
CVE-2017-11747
Medium prioritySome fixes available 3 of 5
main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root...
1 affected package
tinyproxy
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tinyproxy | — | Not affected | Not affected | Fixed | Fixed |
CVE-2012-3505
Medium prioritySome fixes available 1 of 10
Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger hash collisions predictably. bucket.
1 affected package
tinyproxy
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tinyproxy | — | — | — | — | — |
CVE-2011-1843
Medium priorityInteger overflow in conf.c in Tinyproxy before 1.8.3 might allow remote attackers to bypass intended access restrictions in opportunistic circumstances via a TCP connection, related to improper handling of invalid port numbers.
1 affected package
tinyproxy
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tinyproxy | — | — | — | — | — |
CVE-2011-1499
Medium prioritySome fixes available 2 of 5
acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging...
1 affected package
tinyproxy
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
tinyproxy | — | — | — | — | — |