Published: 27/01/2016 Updated: 06/12/2016

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The client_host function in parsers.c in Privoxy prior to 3.0.24 allows remote malicious users to cause a denial of service (invalid read and crash) via an empty HTTP Host header.

Vulnerable Product	Search on Vulmon	Subscribe to Product
privoxy privoxy

It was discovered that privoxy, a web proxy with advanced filtering capabilities, contained invalid reads that could enable a remote attacker to crash the application, thus causing a Denial of Service For the oldstable distribution (wheezy), these problems have been fixed in version 3019-2+deb7u3 For the stable distribution (jessie), these prob ...

The remove_chunked_transfer_coding function allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content (CVE-2016-1982) The client_host function in parsersc allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header (CVE-2016-1983) ...

The client_host function in parsersc in Privoxy before 3024 allows remote attackers to cause a denial of service (invalid read and crash) via an empty HTTP Host header ...

CWE-20 http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302&r2=1.303 http://www.openwall.com/lists/oss-security/2016/01/21/4 http://www.openwall.com/lists/oss-security/2016/01/22/3 http://www.privoxy.org/announce.txt http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176475.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176492.html http://www.debian.org/security/2016/dsa-3460 https://nvd.nist.gov https://www.debian.org/security/./dsa-3460

CVE-2016-1983

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect