CVE-2026-31842
- EPSS 0.05%
- Veröffentlicht 07.04.2026 11:17:33
- Zuletzt bearbeitet 07.04.2026 13:20:11
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The is_chunked_transfer() function uses strcmp() to compare the header value against "c...
CVE-2026-3945
- EPSS 0.06%
- Veröffentlicht 30.03.2026 07:05:23
- Zuletzt bearbeitet 30.03.2026 13:26:07
An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service (DoS). The issue occurs because chunk size values ar...
CVE-2025-63938
- EPSS 0.06%
- Veröffentlicht 26.11.2025 00:00:00
- Zuletzt bearbeitet 02.01.2026 20:48:24
Tinyproxy through 1.11.2 contains an integer overflow vulnerability in the strip_return_port() function within src/reqs.c.
CVE-2023-49606
- EPSS 74.25%
- Veröffentlicht 01.05.2024 16:15:07
- Zuletzt bearbeitet 04.11.2025 18:15:44
A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to re...
CVE-2002-0847
- EPSS 2.12%
- Veröffentlicht 12.08.2002 04:00:00
- Zuletzt bearbeitet 16.04.2026 00:27:16
tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers to execute arbitrary code via memory that is freed twice (double-free).
- EPSS 9.56%
- Veröffentlicht 12.03.2001 05:00:00
- Zuletzt bearbeitet 16.04.2026 00:27:16
Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long connect request.