Critical Bug Could Open 50K+ Tinyproxy Servers to DoS, RCE

May 8, 2024 at 12:44PM

A use-after-free flaw in the open-source Tinyproxy (versions 1.11.1 and 1.10.0) allows attackers to trigger memory corruption, potentially leading to denial-of-service (DoS) and remote code execution (RCE) via a specially crafted HTTP Connection header. The flaw is rated 9.8 out of 10 in severity. While no known exploitation exists, more …

Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution

May 6, 2024 at 10:54AM

A critical unpatched security flaw in the Tinyproxy service impacts more than half of the 90,310 exposed hosts, making them vulnerable to remote code execution. The vulnerability, with a CVSS score of 9.8, affects versions 1.10.0 and 1.11.1 and is being actively exploited. Users are urged to update to the …