CVE-2026-31842
- EPSS 0.05%
- Veröffentlicht 07.04.2026 11:17:33
- Zuletzt bearbeitet 07.04.2026 13:20:11
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The is_chunked_transfer() function uses strcmp() to compare the header value against "c...
CVE-2025-63938
- EPSS 0.06%
- Veröffentlicht 26.11.2025 00:00:00
- Zuletzt bearbeitet 02.01.2026 20:48:24
Tinyproxy through 1.11.2 contains an integer overflow vulnerability in the strip_return_port() function within src/reqs.c.
CVE-2023-49606
- EPSS 74.25%
- Veröffentlicht 01.05.2024 16:15:07
- Zuletzt bearbeitet 04.11.2025 18:15:44
A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to re...
CVE-2022-40468
- EPSS 0.18%
- Veröffentlicht 19.09.2022 17:15:14
- Zuletzt bearbeitet 04.11.2025 16:15:52
Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function.
CVE-2017-11747
- EPSS 0.03%
- Veröffentlicht 30.07.2017 16:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.p...