A vulnerability has been discovered in Tinyproxy which could be used to achieve memory disclosure.
Package | net-proxy/tinyproxy on all architectures |
---|---|
Affected versions | < 1.11.1_p20220908 |
Unaffected versions | >= 1.11.1_p20220908 |
Tinyproxy is a light-weight HTTP/HTTPS proxy daemon for POSIX operating systems.
Tinyproxy's request processing does not sufficiently null-initialize variables used in error pages.
Contents of the Tinyproxy server's memory could be disclosed via generated error pages.
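The bug class described above, shown as an added illustration in C. This is constructed for this page and is not Tinyproxy's source; the function names, the request line and the stale buffer contents are assumptions. A buffer that is not cleared before parsing ends up in the error page when parsing stops early, and zero-initializing it and checking the parse result closes the leak.

```c
#include <stdio.h>
#include <string.h>

#define URL_MAX 64

/* Constructed stand-in for recycled memory that still holds old data. */
static void fill_stale(char *buf, size_t n) {
    memset(buf, 0, n);
    snprintf(buf, n, "Authorization: Basic c2VjcmV0");
}

/* Vulnerable pattern: url is never cleared and the sscanf result is not
 * acted on, so a request line without a URL leaves the stale bytes in place. */
static void error_page_vulnerable(const char *line, char *url, char *out, size_t n) {
    char method[16];
    int got = sscanf(line, "%15s %63s", method, url); /* may convert 1 item */
    (void)got;                                        /* result ignored */
    snprintf(out, n, "<p>Unable to process request for %s</p>", url);
}

/* Hardened pattern: zero-initialize first, then verify both fields parsed. */
static void error_page_hardened(const char *line, char *url, char *out, size_t n) {
    char method[16] = {0};
    memset(url, 0, URL_MAX);
    if (sscanf(line, "%15s %63s", method, url) != 2)
        url[0] = '\0';                 /* nothing trustworthy to echo back */
    snprintf(out, n, "<p>Unable to process request for %s</p>", url);
}

/* Returns 1 if the rendered error page contains the stale marker. */
static int leaks(int hardened) {
    char url[URL_MAX], page[256];
    fill_stale(url, sizeof url);       /* simulate reused, uncleared memory */
    if (hardened)
        error_page_hardened("GET", url, page, sizeof page);
    else
        error_page_vulnerable("GET", url, page, sizeof page);
    return strstr(page, "c2VjcmV0") != NULL;
}

int main(void) {
    printf("vulnerable page leaks stale data: %d\n", leaks(0));
    printf("hardened page leaks stale data:   %d\n", leaks(1));
    return 0;
}
```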
There is no known workaround at this time.
All Tinyproxy users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-proxy/tinyproxy-1.11.1_p20220908"
Release date: May 21, 2023
Latest revision: May 21, 2023: 1
Severity: low
Exploitable: remote
Bugzilla entries