277 matches found

Tenable Nessus
added 2023/10/16 12:0 a.m. · 21 views

Ubuntu 16.04 ESM / 18.04 ESM : Tinyproxy vulnerability (USN-4808-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4808-1 advisory. It was discovered that Tinyproxy created its pid file with insecure permissions. An attacker could use the vulnerability to cause arbitrary processes ...

5.5 CVSS · 5.9 AI score · 0.00292 EPSS
Exploits 0 · References 2

Gentoo Linux
added 2023/05/21 12:0 a.m. · 15 views

Tinyproxy: Memory Disclosure

Background: Tinyproxy is a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems. Description: Tinyproxy's request processing does not sufficiently null-initialize variables used in error pages. Impact: Contents of the Tinyproxy server's memory could be disclosed via generated error pages...

7.5 CVSS · 6.9 AI score · 0.01374 EPSS
Exploits 1

Tenable Nessus
added 2023/05/21 12:0 a.m. · 29 views

GLSA-202305-27 : Tinyproxy: Memory Disclosure

The remote host is affected by the vulnerability described in GLSA-202305-27 Tinyproxy: Memory Disclosure - Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in...

7.5 CVSS · 6.1 AI score · 0.01374 EPSS
Exploits 1 · References 3

SUSE CVE
added 2023/02/15 5:45 a.m. · 3 views

SUSE CVE-2012-3505

Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger hash collisions predictably. bucket...

5 CVSS · 6.9 AI score · 0.07349 EPSS
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 4:42 a.m. · 4 views

SUSE CVE-2017-11747

main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a...

5.5 CVSS · 6.7 AI score · 0.00292 EPSS
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 3:23 a.m. · 4 views

SUSE CVE-2022-40468

Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function...

7.5 CVSS · 5.7 AI score · 0.01374 EPSS
Exploits 1 · References 4

OpenVAS
added 2023/01/27 12:0 a.m. · 9 views

Ubuntu: Security Advisory (USN-4808-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

5.5 CVSS · 5.6 AI score · 0.00292 EPSS
Exploits 0 · References 2

Veracode
added 2022/10/10 1:7 p.m. · 43 views

Information Exposure

Tinyproxy is vulnerable to information exposure. The vulnerability exists in the process_request function due to the lack of processing of the HTTP request lines, which allows attackers to access sensitive information at system runtime...

7.5 CVSS · 7.1 AI score · 0.01374 EPSS
Exploits 1 · References 6 · Affected Software 1

OSV
added 2022/09/19 5:15 p.m. · 4 views

ALPINE-CVE-2022-40468

Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function...

7.5 CVSS · 6.9 AI score · 0.01374 EPSS
Exploits 1 · References 1

OSV
added 2022/09/19 5:15 p.m. · 2 views

DEBIAN-CVE-2022-40468

Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function...

7.5 CVSS · 5.8 AI score · 0.01374 EPSS
Exploits 1 · References 1

NVD
added 2022/09/19 5:15 p.m. · 13 views

CVE-2022-40468

Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function...

7.5 CVSS · 0.01374 EPSS
Exploits 1 · References 6

OSV
added 2022/09/19 5:15 p.m. · 47 views

CVE-2022-40468

Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function...

7.5 CVSS · 3.2 AI score
Exploits 0 · References 6

Prion
added 2022/09/19 5:15 p.m. · 22 views

Heap overflow

Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function...

5 CVSS · 7.5 AI score · 0.01374 EPSS
Exploits 1 · References 5 · Affected Software 1

CVE
added 2022/09/19 12:0 a.m. · 81 views

CVE-2022-40468

CVE-2022-40468 affects tinyproxy. The issue is a potential leak of left-over heap data when using custom error page templates with non-standard variables, caused by uninitialized buffers in process_request() and related header handling. Multiple advisories confirm risk across distros, including D...

7.5 CVSS · 7.4 AI score · 0.01374 EPSS
Exploits 1 · References 6 · Affected Software 1

CNNVD
added 2022/09/19 12:0 a.m. · 5 views

Tinyproxy security vulnerability

Tinyproxy is a small, efficient HTTP/SSL proxy daemon from the Tinyproxy open source. A security vulnerability exists in Tinyproxy that stems from not handling HTTP request lines in the process_request function and from using uninitialized buffers. An attacker could exploit the vulnerability to acce...

7.5 CVSS · 6.2 AI score · 0.01374 EPSS
Exploits 1 · References 5

Positive Technologies
added 2022/09/19 12:0 a.m. · 5 views

PT-2022-25392 · Tinyproxy +2 · Tinyproxy +2

Name of the Vulnerable Software and Affected Versions: Tinyproxy versions prior to commit 84f203f Description: The issue is related to a potential leak of left-over heap data when custom error page templates containing special non-standard variables are used. This occurs because Tinyproxy commit...

9.8 CVSS · 5.5 AI score · 0.63076 EPSS
Exploits 3 · References 47

Debian CVE
added 2022/09/19 12:0 a.m. · 71 views

CVE-2022-40468

Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function...

7.5 CVSS · 6.1 AI score · 0.01374 EPSS
Exploits 1

AlpineLinux
added 2022/09/19 12:0 a.m. · 65 views

CVE-2022-40468

Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function...

7.5 CVSS · 7.6 AI score · 0.01374 EPSS
Exploits 1

OSV
added 2021/03/15 9:40 p.m. · 5 views

USN-4808-1 tinyproxy vulnerability

It was discovered that Tinyproxy created its pid file with insecure permissions. An attacker could use the vulnerability to cause arbitrary processes to be killed, resulting in a denial of service...

5.5 CVSS · 6 AI score · 0.00292 EPSS
Exploits 0 · References 2

Ubuntu
added 2021/03/15 9:40 p.m. · 36 views

USN-4808-1: Tinyproxy vulnerability

It was discovered that Tinyproxy created its pid file with insecure permissions. An attacker could use the vulnerability to cause arbitrary processes to be killed, resulting in a denial of service...

5.5 CVSS · 5.6 AI score · 0.00292 EPSS
Exploits 0