Privoxy
CVE-2021-20272
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash.
AnalysisAI
A flaw was found in privoxy before 3.0.32. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-617. A flaw was found in privoxy before 3.0.32. An assertion failure could be triggered with a crafted CGI request leading to server crash. Affected products include: Privoxy, Debian Debian Linux. Version information: before 3.0.32..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server d
The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a den
The client_host function in parsers.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (inv
Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via v
A memory leak vulnerability was found in Privoxy when handling errors. Rated high severity (CVSS 7.5), this vulnerabilit
A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory whe
A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec
A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are c
A flaw was found in Privoxy in versions before 3.0.31. Rated high severity (CVSS 7.5), this vulnerability is remotely ex
A flaw was found in Privoxy in versions before 3.0.31. Rated high severity (CVSS 7.5), this vulnerability is remotely ex
A flaw was found in Privoxy in versions before 3.0.29. Rated high severity (CVSS 7.5), this vulnerability is remotely ex
A flaw was found in Privoxy in versions before 3.0.29. Rated high severity (CVSS 7.5), this vulnerability is remotely ex
Same weakness CWE-617 – Reachable Assertion
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today