CVE-2026-31842

EPSS 0.05%
Veröffentlicht 07.04.2026 11:17:33
Zuletzt bearbeitet 07.04.2026 13:20:11
Quelle 309f9ea4-e3e9-4c6c-b79d-e8eb01
CVE-Watchlists
Login
Unerledigt
Login

Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The is_chunked_transfer() function uses strcmp() to compare the header value against "chunked", even though RFC 7230 specifies that transfer-coding names are case-insensitive. By sending a request with Transfer-Encoding: Chunked, an unauthenticated remote attacker can cause Tinyproxy to misinterpret the request as having no body. In this state, Tinyproxy sets content_length.client to -1, skips pull_client_data_chunked(), forwards request headers upstream, and transitions into relay_connection() raw TCP forwarding while unread body data remains buffered. This leads to inconsistent request state between Tinyproxy and backend servers. RFC-compliant backends (e.g., Node.js, Nginx) will continue waiting for chunked body data, causing connections to hang indefinitely. This behavior enables application-level denial of service through backend worker exhaustion. Additionally, in deployments where Tinyproxy is used for request-body inspection, filtering, or security enforcement, the unread body may be forwarded without proper inspection, resulting in potential security control bypass.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerTinyproxy Project

≫

Produkt Tinyproxy

Default Statusunaffected

Version <= 1.11.3

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.143

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c	8.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

https://github.com/tinyproxy/tinyproxy

https://github.com/tinyproxy/tinyproxy/issues/604

https://datatracker.ietf.org/doc/html/rfc7230

https://nvd.nist.gov/vuln/detail/CVE-2026-31842

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-31842

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-31842

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-31842