253 matches found
Fedora 44 : tinyproxy (2026-9695fbdabb)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-9695fbdabb advisory. Backport upstream fixes for CVE-2026-3945 and CVE-2026-31842. Tenable has extracted the preceding description block directly from the Fedora securit...
[SECURITY] Fedora 44 Update: tinyproxy-1.11.2-7.fc44
tinyproxy is a small, efficient HTTP/SSL proxy daemon that is very useful in a small network setting, where a larger proxy like Squid would either be too resource intensive, or a security risk...
[SECURITY] Fedora 42 Update: tinyproxy-1.11.2-7.fc42
tinyproxy is a small, efficient HTTP/SSL proxy daemon that is very useful in a small network setting, where a larger proxy like Squid would either be too resource intensive, or a security risk...
[SECURITY] Fedora 43 Update: tinyproxy-1.11.2-7.fc43
tinyproxy is a small, efficient HTTP/SSL proxy daemon that is very useful in a small network setting, where a larger proxy like Squid would either be too resource intensive, or a security risk...
Fedora 42 : tinyproxy (2026-d67a979089)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d67a979089 advisory. Backport upstream fixes for CVE-2026-3945 and CVE-2026-31842. Tenable has extracted the preceding description block directly from the Fedora securit...
Fedora 43 : tinyproxy (2026-d8daf8790f)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-d8daf8790f advisory. Backport upstream fixes for CVE-2026-3945 and CVE-2026-31842. Tenable has extracted the preceding description block directly from the Fedora securit...
Fedora 45 : tinyproxy (2026-1c7a717dbc)
The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-1c7a717dbc advisory. Automatic update for tinyproxy-1.11.3-2.fc45. Changelog Wed Apr 8 2026 Carl George - 1.11.3-2 - Backport upstream CVE fixes - Fixes rhbz2452969...
Linux Distros Unpatched Vulnerability : CVE-2026-31842
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs....
SUSE CVE-2026-31842
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...
EUVD-2026-19603
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...
CVE-2026-31842
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...
DEBIAN-CVE-2026-31842
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...
CVE-2026-31842
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...
UBUNTU-CVE-2026-31842
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...
CVE-2026-31842 Tinyproxy HTTP request parsing desynchronization via case-sensitive Transfer-Encoding handling
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...
CVE-2026-31842
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...
CVE-2026-31842 Tinyproxy HTTP request parsing desynchronization via case-sensitive Transfer-Encoding handling
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...
CVE-2026-31842
Tinyproxy 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive Transfer-Encoding check in is_chunked_transfer() (strcmp against "chunked"). RFC 7230 requires case-insensitive transfer-coding names. An unauthenticated attacker sending Transfer-Encoding: Chunked ca...
CVE-2026-31842
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...
Tinyproxy 安全漏洞
Tinyproxy is a small, efficient HTTP/SSL proxy daemon developed by Tinyproxy. Versions of Tinyproxy 1.11.3 and earlier contained security vulnerabilities. These vulnerabilities stemmed from asynchronous HTTP request parsing, which could lead to denial-of-service attacks or bypassing security chec...