Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Arch Linux: 202204-15 Moderate Severity: Nginx Buffer Overflow

Calendar Jan 19, 2015 User Avatar LinuxSecurity Advisories
1 min read
Archlinux Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service package update medium severity software fix tinyproxy arch linux
The package tinyproxy before version 1.8.4-1 is vulnerable to denial of service. 
Arch Linux Security Advisory ASA-201501-11
=========================================
Severity: Medium
Date    : 2015-01-19
CVE-ID  : CVE-2012-3505
Package : tinyproxy
Type    : denial of service
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package tinyproxy before version 1.8.4-1 is vulnerable to denial of
service.

Resolution
=========
Upgrade to 1.8.4-1.

# pacman -Syu "tinyproxy>=1.8.4-1"

The problem has been fixed upstream in version 1.8.4.

Workaround
=========
None.

Description
==========
It was discovered that a remote attacker is able to cause a denial of
service (CPU and memory consumption) via (1) a large number of headers
or (2) a large number of forged headers that predictably trigger hash
collisions.

Impact
=====
A remote attacker is able to use specially crafted headers to
predictably cause CPU and memory consumption leading to denial of service.

References
=========
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3505
https://bugs.archlinux.org/task/38400

Related News

Your message here