Gentoo GLSA 202305-27 Low Severity: Tinyproxy Memory Disclosure
gentoo
May 21, 2023
A vulnerability has been discovered in Tinyproxy which could be used to achieve memory disclosure.
Summary
Tinyproxy's request processing does not sufficiently null-initialize variables used in error pages.
Resolution
All Tinyproxy users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-proxy/tinyproxy-1.11.1_p20220908"
References
[ 1 ] CVE-2022-40468 https://nvd.nist.gov/vuln/detail/CVE-2022-40468
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202305-27
style>.gentoo_availability{display:block;}
Concerns
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
PREVIOUS
NEXT
Severity
low
Lowest
Low
Medium
High
Critical
Severity: Low
Title: Tinyproxy: Memory Disclosure
Date: May 21, 2023
Bugs: #871924
ID: 202305-27
Background
Tinyproxy is a light-weight HTTP/HTTPS proxy daemon for POSIX operating
systems.
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Package Vulnerable Unaffected
------------------- ------------ ------------
net-proxy/tinyproxy < 1.8.3-r3 >= 1.8.3-r3
Impact
=====
Contents of the Tinyproxy server's memory could be disclosed via
generated error pages.
Workaround
There is no known workaround at this time.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!