Privoxy
CVE-2021-20213
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed.
AnalysisAI
A flaw was found in Privoxy in versions before 3.0.29. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Technical ContextAI
This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. A flaw was found in Privoxy in versions before 3.0.29. Dereference of a NULL-pointer that could result in a crash if accept-intercepted-requests was enabled, Privoxy failed to get the request destination from the Host header and a memory allocation failed. Affected products include: Privoxy. Version information: before 3.0.29..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server d
The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a den
The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (inv
Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via v
A memory leak vulnerability was found in Privoxy when handling errors. Rated high severity (CVSS 7.5), this vulnerabilit
A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory whe
A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec
A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are c
A flaw was found in Privoxy in versions before 3.0.31. Rated high severity (CVSS 7.5), this vulnerability is remotely ex
A flaw was found in Privoxy in versions before 3.0.31. Rated high severity (CVSS 7.5), this vulnerability is remotely ex
A flaw was found in Privoxy in versions before 3.0.29. Rated high severity (CVSS 7.5), this vulnerability is remotely ex
A flaw was found in Privoxy in versions before 3.0.29. Rated high severity (CVSS 7.5), this vulnerability is remotely ex
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Null Pointer Dereference
View allShare
External POC / Exploit Code
Leaving vuln.today