A critical use-after-free vulnerability in the parsing of HTTP Connection headers in Tinyproxy versions 1.11.1 and 1.10.0 can be exploited to achieve memory corruption and remote code execution. The vulnerability is triggered through an unauthenticated HTTP request. According to data from Censys gathered on May 4, of the 90,310 hosts exposing a Tinyproxy service to the public Internet, approximately 57,000 are running vulnerable versions of Tinyproxy. Reference: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889/
Tinyproxy HTTP Connection Header Vulnerability
- Post author: System
- Post published: 12 May 2024
- Post category: Blog & News