CVE-2022-40468

Опубликовано: 19 сент. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function.

Ссылки

https://github.com/tinyproxy/tinyproxy
Third Party Advisory
https://github.com/tinyproxy/tinyproxy/blob/84f203fb1c4733608c7283bbe794005a469c4b00/src/reqs.c#L346
Exploit
Third Party Advisory
https://github.com/tinyproxy/tinyproxy/issues/457
Exploit
Third Party Advisory
https://github.com/tinyproxy/tinyproxy/issues/457#issuecomment-1264176815
https://security.gentoo.org/glsa/202305-27
https://github.com/tinyproxy/tinyproxy
Third Party Advisory
https://github.com/tinyproxy/tinyproxy/blob/84f203fb1c4733608c7283bbe794005a469c4b00/src/reqs.c#L346
Exploit
Third Party Advisory
https://github.com/tinyproxy/tinyproxy/issues/457
Exploit
Third Party Advisory
https://github.com/tinyproxy/tinyproxy/issues/457#issuecomment-1264176815
https://lists.debian.org/debian-lts-announce/2024/09/msg00035.html
https://security.gentoo.org/glsa/202305-27

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tinyproxy_project:tinyproxy:*:*:*:*:*:*:*:*

Версия до 1.11.1 (включая)

EPSS

Процентиль: 32%

0.00124

Низкий

7.5 High

CVSS3

Дефекты

CWE-1188

Связанные уязвимости

CVE-2022-40468

CVSS3: 7.5

ubuntu

больше 3 лет назад

CVE-2022-40468

CVSS3: 7.5

debian

больше 3 лет назад

Potential leak of left-over heap data if custom error page templates c ...

GHSA-h3r7-x4mp-2c39

CVSS3: 7.5

github

больше 3 лет назад

Tinyproxy commit 84f203f and earlier does not process HTTP request lines in the process_request() function and is using uninitialized buffers. This vulnerability allows attackers to access sensitive information at system runtime.

openSUSE-SU-2024:0119-1

suse-cvrf

больше 1 года назад

Security update for tinyproxy

EPSS

Процентиль: 32%

0.00124

Низкий

7.5 High

CVSS3

Дефекты

CWE-1188