253 matches found

Positive Technologies
added 2026/04/07 12:0 a.m. | 4 views

PT-2026-30811

Name of the Vulnerable Software and Affected Versions: Tinyproxy versions 1.0 through 1.11.3. Description: An issue exists in the way the Transfer-Encoding header is parsed in src/reqs.c. The is chunked transfer function uses strcmp to compare the header value against "chunked", failing to account f...

CVSS 8.7 | AI score 5.8 | EPSS 0.00143
Exploits: 1 | References: 11
VulnCheck KEV
added 2026/04/06 12:0 a.m. | 6 views

VulnCheck KEV: CVE-2023-49606

A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make ...

CVSS 9.8 | AI score 6 | EPSS 0.78967
In wild | Exploits: 2 | References: 22
Tenable Nessus
added 2026/04/04 12:0 a.m. | 2 views

openSUSE 16 Security Update : tinyproxy (openSUSE-SU-2026:20456-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2026:20456-1 advisory. Changes in tinyproxy: - CVE-2026-3945: Fixed denial of service by unauthenticated remote attacker boo1261024 - Update to release 1.11.3 conf: add...

CVSS 8.7 | AI score 6 | EPSS 0.00069
Exploits: 0 | References: 3
OSV
added 2026/04/01 4:15 p.m. | 1 views

OPENSUSE-SU-2026:20456-1 Security update for tinyproxy

This update for tinyproxy fixes the following issues: Changes in tinyproxy: - CVE-2026-3945: Fixed denial of service by unauthenticated remote attacker boo1261024 - Update to release 1.11.3 conf: add BasicAuthRealm feature basic auth: fix error status 401 vs 407 tinyproxy.conf.5: explain what a...

CVSS 8.7 | AI score 6 | EPSS 0.00069
Exploits: 0 | References: 2
SUSE CVE
added 2026/03/31 8:38 a.m. | 1 views

SUSE CVE-2026-3945

An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service (DoS). The issue occurs because chunk size values are parsed using strtol without properly validating...

CVSS 8.7 | AI score 6 | EPSS 0.00069
Exploits: 0 | References: 3
OSV
added 2026/03/31 12:0 a.m. | 0 views

OPENSUSE-SU-2026:10471-1 tinyproxy-1.11.3-2.1 on GA media

These are all security issues fixed in the tinyproxy-1.11.3-2.1 package on the GA media of openSUSE Tumbleweed...

CVSS 8.7 | AI score 5.9 | EPSS 0.00069
Exploits: 0 | References: 1
OPENSUSE Linux
added 2026/03/31 12:0 a.m. | 2 views

Security update for tinyproxy (important)

openSUSE Security Update: Security update for tinyproxy Announcement ID: openSUSE-SU-2026:0111-1 Rating: important References: 1261024 Cross-References: CVE-2026-3945 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: This update...

CVSS 8.7 | AI score 5.9 | EPSS 0.00069
Exploits: 0 | References: 1
Tenable Nessus
added 2026/03/31 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-3945

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote...

CVSS 8.7 | AI score 5.9 | EPSS 0.00069
Exploits: 0 | References: 3
RedhatCVE
added 2026/03/30 10:30 a.m. | 2 views

CVE-2026-3945

A flaw was found in tinyproxy. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the HTTP chunked transfer encoding parser. By sending a crafted HTTP request with a specially formed chunk size, the attacker can cause the proxy to miscalculate the size of incoming...

CVSS 8.7 | AI score 5.9 | EPSS 0.00069
Exploits: 0 | References: 2
EUVD
added 2026/03/30 9:31 a.m. | 1 views

EUVD-2026-17066

An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service (DoS). The issue occurs because chunk size values are parsed using strtol without properly validating...

CVSS 8.7 | AI score 6 | EPSS 0.00069
Exploits: 0 | References: 6
NVD
added 2026/03/30 8:16 a.m. | 2 views

CVE-2026-3945

An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service (DoS). The issue occurs because chunk size values are parsed using strtol without properly validating...

CVSS 8.7 | EPSS 0.00069
Exploits: 0 | References: 5
OSV
added 2026/03/30 8:16 a.m. | 2 views

UBUNTU-CVE-2026-3945

An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service (DoS). The issue occurs because chunk size values are parsed using strtol without properly validating...

CVSS 8.7 | AI score 5.8 | EPSS 0.00069
Exploits: 0 | References: 7
UbuntuCve
added 2026/03/30 8:16 a.m. | 1 views

CVE-2026-3945

An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service (DoS). The issue occurs because chunk size values are parsed using strtol without properly validating...

CVSS 8.7 | AI score 6 | EPSS 0.00069
Exploits: 0 | References: 6
Vulnrichment
added 2026/03/30 7:5 a.m. | 1 views

CVE-2026-3945

An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service (DoS). The issue occurs because chunk size values are parsed using strtol without properly validating...

CVSS 8.7 | AI score 6 | EPSS 0.00069
Exploits: 0 | References: 5
Cvelist
added 2026/03/30 7:5 a.m. | 22 views

CVE-2026-3945

An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service (DoS). The issue occurs because chunk size values are parsed using strtol without properly validating...

CVSS 8.7 | EPSS 0.00069
Exploits: 0 | References: 5
ATTACKERKB
added 2026/03/30 7:5 a.m. | 4 views

CVE-2026-3945

An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service (DoS). The issue occurs because chunk size values are parsed using strtol without properly validating...

CVSS 8.7 | AI score 6 | EPSS 0.00069
Exploits: 0 | References: 6 | Affected Software: 1
CVE
added 2026/03/30 7:5 a.m. | 7 views

CVE-2026-3945

Tinyproxy (up to 1.11.3) contains an integer overflow in the HTTP chunked transfer encoding parser. Chunk sizes are parsed with strtol() without proper overflow validation, allowing a crafted size (e.g., LONG_MAX) to bypass checks and overflow arithmetic (chunklen + 2). This can cause the proxy t...

CVSS 8.7 | AI score 6 | EPSS 0.00069
Exploits: 0 | References: 5
CNNVD
added 2026/03/30 12:0 a.m. | 5 views

Tinyproxy security vulnerability

Tinyproxy is a small, efficient HTTP/SSL proxy daemon developed by Tinyproxy. Tinyproxy 1.11.3 and earlier versions contain a security vulnerability that stems from an integer overflow in the HTTP chunked transfer encoding parser, potentially leading to denial-of-service attacks...

CVSS 8.7 | AI score 5.8 | EPSS 0.00069
Exploits: 0 | References: 6
Redos
added 2026/03/10 12:0 a.m. | 2 views

ROS-20260310-73-0020

Vulnerability in tinyproxy related to integer overflow. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 6.5 | AI score 5.9 | EPSS 0.00058
Exploits: 1
Positive Technologies
added 2026/01/01 12:0 a.m. | 0 views

PT-2026-28803

Name of the Vulnerable Software and Affected Versions: tinyproxy versions up to and including 1.11.3. Description: An integer overflow in the HTTP chunked transfer encoding parser can lead to a denial of service (DoS). The issue arises because chunk size values are parsed without proper overflow...

CVSS 8.7 | AI score 5.9 | EPSS 0.00069
Exploits: 0 | References: 13