Описание
Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | 1.11.2-1 |
| esm-apps/bionic | released | 1.8.4-5ubuntu0.1~esm2 |
| esm-apps/focal | released | 1.10.0-4ubuntu0.1 |
| esm-apps/jammy | released | 1.11.0-1ubuntu0.1~esm1 |
| esm-apps/noble | not-affected | 1.11.1-3ubuntu0.1 |
| esm-apps/xenial | released | 1.8.3-3ubuntu16.04.1~esm2 |
| esm-infra-legacy/trusty | released | 1.8.3-3ubuntu14.04.1~esm2 |
| focal | released | 1.10.0-4ubuntu0.1 |
| jammy | needed |
Показывать по
Ссылки на источники
7.5 High
CVSS3
Связанные уязвимости
Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function.
Potential leak of left-over heap data if custom error page templates c ...
Tinyproxy commit 84f203f and earlier does not process HTTP request lines in the process_request() function and is using uninitialized buffers. This vulnerability allows attackers to access sensitive information at system runtime.
7.5 High
CVSS3