9.8
CVSSv3

CVE-2023-49606

Published: 01/05/2024 Updated: 07/05/2024
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make an unauthenticated HTTP request to trigger this vulnerability.

Vulnerability Trend

Vendor Advisories

Debian Bug report logs - #1070395 tinyproxy: CVE-2023-40533 CVE-2023-49606. Package: src:tinyproxy; Maintainer for src:tinyproxy is Mike Gabriel <sunweaver@debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Sat, 4 May 2024 18:45:02 UTC; Severity: grave; Tags: security, upstream ...
Check Point Reference: CPAI-2023-1693; Date Published: 9 May 2024; Severity: High ...

Mailing Lists

Cisco Talos reports two memory safety vulnerabilities in tinyproxy, a small HTTP proxy server, in versions prior to 1.11.2 (not yet released). Quotes from the two advisories below. First advisory <talosintelligence.com/vulnerability_reports/TALOS-2023-1889>: CVE-2023-49606 A use-after-free vulnerability exists in the HTTP Conne ...

Github Repositories

Critical use-after-free vulnerability discovered in Tinyproxy

CVE-2023-49606: Tinyproxy Use-After-Free Vulnerability Analysis 🚨 Critical V

Exploit "TinyFree" for CVE-2023-49606 Poc

Exploit "TinyFree" for CVE-2023-49606 🛡️ Description: The "TinyFree" exploit is a powerful tool that leverages a "use-after-free" vulnerability in Tinyproxy versions 1.11.1 and 1.10.0. This vulnerability allows an attacker to remotely execute arbitrary code on the target system, bypassing authentication. 💥 Impact: With "TinyFree," a

Exploit "TinyFree" for CVE-2023-49606 PoC

CVE-2023-49606-POC Exploit "TinyFree" for CVE-2023-49606 PoC

Exploit "TinyFree" for CVE-2023-49606-Poc POC

CVE-2023-49606-Poc Exploit "TinyFree" for CVE-2023-49606-Poc POC

Recent Articles

Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw
BleepingComputer • Bill Toulas • 07 May 2024

Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw. By Bill Toulas, May 7, 2024 01:07 PM. Nearly 52,000 internet-exposed Tinyproxy instances are vulnerable to CVE-2023-49606, a recently disclosed critical remote code execution (RCE) flaw. Tinyproxy is an open-source HTTP and HTTPS proxy server designed to be fast, small, and lightweight. It is specifically tailored for UNIX-like operating systems and is commonly used by small businesses, public WiFi providers, and home users....