PT-2024-12893 · Tinyproxy · Tinyproxy
Published: 2024-05-01 · Updated: 2024-05-10 · CVE-2023-40533
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Tinyproxy version 1.11.1
Description
An uninitialized memory use issue exists while parsing HTTP requests. In certain configurations, a specially crafted HTTP request can result in disclosure of data allocated on the heap, which could contain sensitive information. An attacker can make an unauthenticated HTTP request to trigger this issue.
Recommendations
For Tinyproxy version 1.11.1, there is currently no information about a newer version that contains a fix for this issue.
Fix
Related Identifiers
Affected Products
Tinyproxy