← Volver a CVEs

CVE-2023-49606

CRITICAL

9.8

Descripcion

A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make an unauthenticated HTTP request to trigger this vulnerability.

Detalles CVE

Puntuacion CVSS v3.19.8

SeveridadCRITICAL

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado5/1/2024

Ultima modificacion11/4/2025

Fuentenvd

Avistamientos honeypot0

Productos afectados

tinyproxy_project:tinyproxy

Debilidades (CWE)

CWE-416

Referencias

http://www.openwall.com/lists/oss-security/2024/05/07/1(talos-cna@cisco.com)

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889(talos-cna@cisco.com)

http://www.openwall.com/lists/oss-security/2024/05/07/1(af854a3a-2127-422b-91ae-364da2661108)

https://lists.debian.org/debian-lts-announce/2024/09/msg00035.html(af854a3a-2127-422b-91ae-364da2661108)

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889(af854a3a-2127-422b-91ae-364da2661108)

https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1889(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.