Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

tinyproxy_project

Source -

NVD

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

3
Related CVEsRelated ProductsRelated AssignersReports
3Vulnerabilities found
CVE-2023-49606
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-68.59% / 98.55%
||
7 Day CHG-2.64%
Published-01 May, 2024 | 15:31
Updated-22 Aug, 2025 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make an unauthenticated HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-tinyproxy_projectTinyproxytinyproxy
Product-tinyproxyTinyproxytinyproxy
CWE ID-CWE-416
Use After Free
CVE-2022-40468
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 20.97%
||
7 Day CHG~0.00%
Published-19 Sep, 2022 | 00:00
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function.

Action-Not Available
Vendor-tinyproxy_projectn/a
Product-tinyproxyn/a
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2017-11747
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.77%
||
7 Day CHG~0.00%
Published-30 Jul, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tinyproxy.pid modification before a root script executes a "kill `cat /run/tinyproxy/tinyproxy.pid`" command.

Action-Not Available
Vendor-tinyproxy_projectn/a
Product-tinyproxyn/a
CWE ID-CWE-269
Improper Privilege Management