CVE-2025-63938
- EPSS 0.05%
- Veröffentlicht 26.11.2025 00:00:00
- Zuletzt bearbeitet 02.01.2026 20:48:24
Tinyproxy through 1.11.2 contains an integer overflow vulnerability in the strip_return_port() function within src/reqs.c.
CVE-2023-49606
- EPSS 77.51%
- Veröffentlicht 01.05.2024 16:15:07
- Zuletzt bearbeitet 04.11.2025 18:15:44
A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to re...
CVE-2022-40468
- EPSS 0.17%
- Veröffentlicht 19.09.2022 17:15:14
- Zuletzt bearbeitet 04.11.2025 16:15:52
Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function.
CVE-2017-11747
- EPSS 0.03%
- Veröffentlicht 30.07.2017 16:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.p...