ID CVE-2002-0847
Summary tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers to execute arbitrary code via memory that is freed twice (double-free).
References
Vulnerable Configurations
  • cpe:2.3:a:tinyproxy:tinyproxy:1.3.2
    cpe:2.3:a:tinyproxy:tinyproxy:1.3.2
  • cpe:2.3:a:tinyproxy:tinyproxy:1.3.3
    cpe:2.3:a:tinyproxy:tinyproxy:1.3.3
  • cpe:2.3:a:tinyproxy:tinyproxy:1.4.3
    cpe:2.3:a:tinyproxy:tinyproxy:1.4.3
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-145.NASL
description The authors of tinyproxy, a lightweight HTTP proxy, discovered a bug in the handling of some invalid proxy requests. Under some circumstances, an invalid request may result in allocated memory being freed twice. This can potentially result in the execution of arbitrary code.
last seen 2019-02-21
modified 2018-07-20
plugin id 14982
published 2004-09-29
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=14982
title Debian DSA-145-1 : tinyproxy - doubly freed memory
refmap via4
bid 4731
confirm http://sourceforge.net/project/shownotes.php?release_id=88790
debian DSA-145
xf tinyproxy-memory-corruption(9079)
Last major update 07-12-2016 - 21:59
Published 12-08-2002 - 00:00
Back to Top