VYPR

rpm package

opensuse/tinyproxy&distro=openSUSE Leap 15.5

pkg:rpm/opensuse/tinyproxy&distro=openSUSE%20Leap%2015.5

Vulnerabilities (4)

  • CVE-2023-49606 | May 1, 2024
    affected < 1.11.2-bp155.3.3.1 | fixed 1.11.2-bp155.3.3.1

    A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attack

  • CVE-2022-40468 | Sep 19, 2022
    affected < 1.11.2-bp155.3.3.1 | fixed 1.11.2-bp155.3.3.1

    Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function.

  • CVE-2017-11747 | Med | Jul 30, 2017
    affected < 1.11.2-bp155.3.3.1 | fixed 1.11.2-bp155.3.3.1

    main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root

  • CVE-2012-3505 | Oct 9, 2012
    affected < 1.11.2-bp155.3.3.1 | fixed 1.11.2-bp155.3.3.1

    Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger hash collisions predictably. bucket.