CVE-2023-49606

CVSS V2 None CVSS V3 None

Description

A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make an unauthenticated HTTP request to trigger this vulnerability.

Overview

CVE ID
CVE-2023-49606

Assigner
talos

Vulnerability Status
PUBLISHED

Published Version
2024-05-01T15:31:01.499Z

Last Modified Date
2024-06-04T17:27:48.362Z

Weakness Enumerations

CWE	URL
CWE-416	http://cwe.mitre.org/data/definitions/416.html

References

Reference URL	Reference Tags
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889
http://www.openwall.com/lists/oss-security/2024/05/07/1

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-49606
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49606

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 13:02:17				Added to TrackCVE