Critical Bug Could Open 50K+ Tinyproxy Servers to DoS, RCE

May 8, 2024 at 12:44PM A use-after-free flaw in the open-source Tinyproxy (versions 1.11.1 and 1.10.0) allows attackers to trigger memory corruption, potentially leading to denial-of-service (DoS) and remote code execution (RCE) via a specially crafted HTTP Connection header. The flaw is rated 9.8 out of 10 in severity. While no known exploitation exists, more …

Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw

May 7, 2024 at 01:13PM Nearly 52,000 vulnerable Tinyproxy instances are exposed to CVE-2023-49606, a critical remote code execution flaw. Cisco Talos disclosed the use-after-free vulnerability in December 2023, affecting versions 1.11.1 and 1.10.0. After receiving no response from developers, Cisco reported detailed information and proof-of-concept exploits. On Sunday, Tinyproxy released a fix to prevent exploitation, …