Description
Tinyproxy commit 84f203f and earlier does not process HTTP request lines in the process_request() function and uses uninitialized buffers. This vulnerability allows attackers to access sensitive information at system runtime.
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-40468
- https://github.com/tinyproxy/tinyproxy/issues/457
- https://github.com/tinyproxy/tinyproxy/issues/457#issuecomment-1264176815
- https://github.com/tinyproxy/tinyproxy
- https://github.com/tinyproxy/tinyproxy/blob/84f203fb1c4733608c7283bbe794005a469c4b00/src/reqs.c#L346
- https://lists.debian.org/debian-lts-announce/2024/09/msg00035.html
- https://security.gentoo.org/glsa/202305-27
Related vulnerabilities
Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in the process_request() function.