Vulnerability Description
Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in the process_request() function.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tinyproxy Project | Tinyproxy | <= 1.11.1 |
Related Weaknesses (CWE)
References
- https://github.com/tinyproxy/tinyproxy (Third Party Advisory)
- https://github.com/tinyproxy/tinyproxy/blob/84f203fb1c4733608c7283bbe794005a469c (Exploit, Third Party Advisory)
- https://github.com/tinyproxy/tinyproxy/issues/457 (Exploit, Third Party Advisory)
- https://github.com/tinyproxy/tinyproxy/issues/457#issuecomment-1264176815
- https://security.gentoo.org/glsa/202305-27
- https://lists.debian.org/debian-lts-announce/2024/09/msg00035.html
FAQ
What is CVE-2022-40468?
CVE-2022-40468 is a vulnerability with a CVSS score of 7.5 (HIGH). Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_reque...
How severe is CVE-2022-40468?
CVE-2022-40468 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-40468?
Check the references section above for vendor advisories and patch information. Affected products include Tinyproxy (Tinyproxy Project), versions 1.11.1 and earlier.