VDB
CNVD-2024-21665
CNVD-2024-21665
PUBLISHED
CVSS 9.800000190734863 CRITICAL
Tinyproxy是一个轻量级的HTTP/HTTPS代理服务器,主要用于在计算机网络中转发HTTP请求。 Tinyproxy HTTP头处理存在内存错误引用漏洞,该漏洞是由于HTTP连接头解析中释放后的使用引起的。攻击者可利用该漏洞在系统上执行任意代码。
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tinyproxy | Tinyproxy | 1.11.1, Tinyproxy 1.10.0 |
| tinyproxy | tinyproxy | 1.10.0, 1.11.1 |
Exploit Intelligence
- CIRCL published-proof-of-concept: CVE-2023-49606 (circl-sighting)
- CIRCL seen: CVE-2023-49606 (circl-sighting)
- CIRCL seen: CVE-2023-49606 (circl-sighting)
- CIRCL exploited: CVE-2023-49606 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2023-49606 (circl-sighting)
- CIRCL seen: CVE-2023-49606 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2023-49606 (circl-sighting)
- CIRCL seen: CVE-2023-49606 (circl-sighting)
- CIRCL seen: CVE-2023-49606 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2023-49606 (circl-sighting)
…and 16 more exploits
Timeline
- May 1, 2024 CVE Published
- May 6, 2024 CVE ID Reserved
- May 6, 2024 PoC Published
- May 6, 2024 PoC Published
- May 6, 2024 PoC Published
- May 6, 2024 PoC Published
- May 6, 2024 PoC Published
- May 6, 2024 PoC Published
- May 6, 2024 PoC Published
- May 6, 2024 PoC Published
- May 7, 2024 PoC Published
- May 7, 2024 PoC Published