Received: by 2002:a89:288:0:b0:1f7:eeee:6653 with SMTP id j8csp431525lqh; Tue, 7 May 2024 03:49:54 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWN1qMHz94z6lYAHhBLHY1leO74NepcfNGSwJJSUGm06HsY68fB72weiZHXD63ca/X4x5/aquQfMNJl/eNzwR90Q9sm8P7OprX+VLzpzA== X-Google-Smtp-Source: AGHT+IEInnur0WppYB3WyGEKng9lhM72+frfVIXLbVCIoHN1UXDuTGPjQ6wXDTy500KKwT+L75nB X-Received: by 2002:a05:620a:171e:b0:790:eed5:53f with SMTP id af79cd13be357-792a644d114mr382324385a.1.1715078994334; Tue, 07 May 2024 03:49:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1715078994; cv=none; d=google.com; s=arc-20160816; b=0mxWqfSdXeUsv4SIIsf+35/63OFPeR4yylrdt7QrrKqoFf1yhPflsd37Y76CGZXVY1 B4UnnSG6cFN48oJZ6bb9RHz/dBPg7/AFQLwomDpdsKjF6wrL0jQwJaPX0h6igpmrnmS1 d5AwKZh9qaXnCpFL5F4eCouLSB59K1BKVufoeK2usrGXqtDrZqVa31NRqeBuFc1RV6Xr 7tZDi0pwyTqvCdQcCdilnvus124MG5zyx66QZV/2xclQ5jjBn+zsFf9ifoPmnHOexqOP 94Hs1K3zIkJwaavrnIiElDG003BgtJI2sb2efRQNtgcODPVDXbfFmXnGrVieWSWstoWk 8rSw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=subject:sender:user-agent:content-disposition:mime-version :mail-followup-to:message-id:to:from:date:dkim-signature :delivered-to:delivered-to:reply-to:list-id:list-subscribe :list-unsubscribe:list-help:list-post:precedence:mailing-list; bh=apFJ1Jmd5RvFghb95jeM8vHZJskUjevniB3NAl4SLkc=; fh=9jsPTyo6edd9xvAeG+KFFrRrXMmgB/RdwUKOrvy9dcA=; b=wZ4+KDz8ycKmLe8IRWrvXgEx3u45cQsUQY+9IWM5oQvyvddlRHmtHS1rGDNIZU6U8J MClxAWYfDZS6J+tCmAtCuXcnYpclUbv4/kDFimgTLfic+h1PVA84jrvf20ZcVRGH19W3 rzQtHPilnt8aQ0d0wsDoXIinRw4UblInqV2pk4IsEnYL8gPdHvtH6Pj+cLHMiOQZ5iYa zmP1dsefiADvQEoB03CuKWjXLIDQo6Nru4Sc5v1VsRCzreR33sONgboUFW+q/+TiXnpS UQ8viZB9o2UstgOEj9LYzQ2HsvQjRW5ZR5bDoaJzvdOafyE0ADQ86jZ+teXn2mQIHZ6k xAxg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@notcom.org header.s=jk header.b=bL1WVc+D; spf=pass (google.com: domain of oss-security-return-30124-linux.lists.archive=gmail.com@lists.openwall.com designates 193.110.157.125 as permitted sender) smtp.mailfrom="oss-security-return-30124-linux.lists.archive=gmail.com@lists.openwall.com"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=notcom.org Return-Path: Received: from second.openwall.net (second.openwall.net. [193.110.157.125]) by mx.google.com with SMTP id z20-20020a05620a08d400b007929dbd1808si3267617qkz.307.2024.05.07.03.49.53 for ; Tue, 07 May 2024 03:49:54 -0700 (PDT) Received-SPF: pass (google.com: domain of oss-security-return-30124-linux.lists.archive=gmail.com@lists.openwall.com designates 193.110.157.125 as permitted sender) client-ip=193.110.157.125; Authentication-Results: mx.google.com; dkim=fail header.i=@notcom.org header.s=jk header.b=bL1WVc+D; spf=pass (google.com: domain of oss-security-return-30124-linux.lists.archive=gmail.com@lists.openwall.com designates 193.110.157.125 as permitted sender) smtp.mailfrom="oss-security-return-30124-linux.lists.archive=gmail.com@lists.openwall.com"; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=notcom.org Received: (qmail 25934 invoked by uid 550); 7 May 2024 10:49:30 -0000 Mailing-List: contact oss-security-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: oss-security@lists.openwall.com Delivered-To: mailing list oss-security@lists.openwall.com Delivered-To: moderator for oss-security@lists.openwall.com Received: (qmail 11706 invoked from network); 7 May 2024 07:38:24 -0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=notcom.org; s=jk; h=Sender:Content-Type:MIME-Version:Message-ID:Subject:To:From:Date: Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=apFJ1Jmd5RvFghb95jeM8vHZJskUjevniB3NAl4SLkc=; t=1715067506; x=1715715506; b=bL1WVc+DroBF+yaTaUHcUaU63K05APS2AIuLC1lD487WA3jpxiLMXw30x9OxQUg7GjFNBQ0avzX qVX9fDRahZZLzr6g10dltZv2DmlU9fFLRk9KS9isV6Me9/0Pq2LcBT7eFr+yfTmmUrpEvciFWRdIX 95766BsDqmMkK+OJNpg6an3DjPZN/+LJDENiZG/jEY2ojlRSoCHjL4gEnMWdG4eTjuEGNclRjM8X2 MbyspBZdk6sv8f5r5tEVK0x8klqC/JXNIg6mmX9Ha2s4hBkK8WEsnMdJ68zgmdtq5GUzY47M6xCNI uah+0lG9U9ApAkbAW2nZo7HmN/1tuUva97Lg==; Date: Tue, 7 May 2024 10:38:08 +0300 From: Valtteri Vuorikoski To: oss-security@lists.openwall.com Message-ID: <2ib7foyctkfjgsicr3ucl7tqj6rld2w64so4hgth2jxboyeqe3@tgl57zzlwo7h> Mail-Followup-To: oss-security@lists.openwall.com MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: NeoMutt/20240323-4-c04f3b Sender: server-megadon@notcom.org Subject: [oss-security] CVE-2023-49606, CVE-2023-40533: memory safety vulnerabilities in tinyproxy <=1.11.1 Cisco Talos reports two memory safety vulnerabilities in tinyproxy, a small HTTP proxy server, in versions prior to 1.11.2 (not yet released). Quotes from the two advisories below. First advisory : CVE-2023-49606 A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make an unauthenticated HTTP request to trigger this vulnerability. 9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:Hv Second advisory : CVE-2023-40533 An uninitialized memory use vulnerability exists in Tinyproxy 1.11.1 while parsing HTTP requests. In certain configurations, a specially crafted HTTP request can result in disclosure of data allocated on the heap, which could contain sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. 5.9 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Upstream has an issue open at . Talos claims to have contacted them in December 2023, but according to the developer there was no contact before the above advisories were released. The developer also disputes the veracity of CVE-2023-40533. Whatever the case, is the official fix for CVE-2023-49606. -Valtteri