Heap Data Leak Vulnerability in Tinyproxy
CVE-2022-40468

7.5HIGH

Key Information:

Vendor: Tinyproxy Project
Status: Tinyproxy
Vendor: CVE Published:; 19 September 2022

🔔 Create Tinyproxy Project Vulnerability Alert

What is CVE-2022-40468?

A vulnerability has been identified in Tinyproxy that can lead to a potential leakage of sensitive heap data. This issue arises when custom error page templates are utilized with non-standard variables, resulting in uninitialized buffers being accessed during the request processing. This can expose leftover data, which may contain sensitive information, thereby increasing the risk of information disclosure for users of affected versions of Tinyproxy.

References

https://github.com/tinyproxy/tinyproxy

https://github.com/tinyproxy/tinyproxy/blob/84f203fb1c473...

https://github.com/tinyproxy/tinyproxy/issues/457

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 19, 2022
Vulnerability Reserved
Sep 11, 2022

CVE-2022-40468 Data

JSON