Lucene search

K

Tinyproxy Security Vulnerabilities

cve
cve

CVE-2023-49606

A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make...

9.8CVSS

9.7AI Score

0.001EPSS

2024-05-01 04:15 PM
45
cve
cve

CVE-2022-40468

Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request()...

7.5CVSS

7.4AI Score

0.002EPSS

2022-09-19 05:15 PM
34
3
cve
cve

CVE-2017-11747

main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a.....

5.5CVSS

5.6AI Score

0.0004EPSS

2017-07-30 04:29 PM
50
cve
cve

CVE-2002-0847

tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers to execute arbitrary code via memory that is freed twice...

7.6AI Score

0.019EPSS

2003-04-02 05:00 AM
34
cve
cve

CVE-2001-0129

Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long connect...

7.8AI Score

0.071EPSS

2001-05-07 04:00 AM
36