Advertisement
Top

Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606

May 8, 2024

Via: Security Affairs
Category:

Researchers from Cisco Talos reported a use-after-free vulnerability in the HTTP Connection Headers parsing of Tinyproxy 1.11.1 and Tinyproxy 1.10.0. The issue is tracked as CVE-2023-49606 and received a CVSS score of 9.8. The exploitation of the issue can potentially lead to remote code execution.

“A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make an unauthenticated HTTP request to trigger this vulnerability.” reads the advisory.

Read More on Security Affairs

RELATED PUBLICATIONS

Massive security hole in VPNs shows their shortcomings as a defensive measure
Google fixed critical Chrome vulnerability CVE-2024-4058
Palo Alto Networks Warns of Exploited Firewall Vulnerability

Latest Publications

NCSC CTO: Broken market must be fixed to usher in new tech
EU probes Meta over its provisions for protecting children
Improving cyber defense with open source SIEM and XDR
Security Curated Copyright © 2024. All rights reserved
Go to ITCurated!