Privoxy
CVE-2021-20214
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash.
AnalysisAI
A flaw was found in Privoxy in versions before 3.0.29. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.
Technical ContextAI
This vulnerability is classified as Memory Leak (CWE-401), which allows attackers to exhaust available memory leading to denial of service. A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash. Affected products include: Privoxy. Version information: before 3.0.29..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Ensure all allocated memory is properly freed. Use RAII patterns or garbage-collected languages.
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server d
The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a den
The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (inv
Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via v
A memory leak vulnerability was found in Privoxy when handling errors. Rated high severity (CVSS 7.5), this vulnerabilit
A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory whe
A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec
A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are c
A flaw was found in Privoxy in versions before 3.0.31. Rated high severity (CVSS 7.5), this vulnerability is remotely ex
A flaw was found in Privoxy in versions before 3.0.31. Rated high severity (CVSS 7.5), this vulnerability is remotely ex
A flaw was found in Privoxy in versions before 3.0.29. Rated high severity (CVSS 7.5), this vulnerability is remotely ex
A flaw was found in Privoxy in versions before 3.0.29. Rated high severity (CVSS 7.5), this vulnerability is remotely ex
Same weakness CWE-401 – Memory Leak
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today