CVE-2022-40468

7.5 HIGH

Published: September 19, 2022 Modified: November 04, 2025

Description

Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://github.com/tinyproxy/tinyproxy

Source: cve@mitre.org

Third Party Advisory

https://github.com/tinyproxy/tinyproxy/blob/84f203fb1c4733608c7283bbe794005a469c4b00/src/reqs.c#L346

Source: cve@mitre.org

Exploit Third Party Advisory

https://github.com/tinyproxy/tinyproxy/issues/457

Source: cve@mitre.org

Exploit Third Party Advisory

https://github.com/tinyproxy/tinyproxy/issues/457#issuecomment-1264176815

Source: cve@mitre.org

https://security.gentoo.org/glsa/202305-27

Source: cve@mitre.org

https://github.com/tinyproxy/tinyproxy