Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2023-1739
HistoryApr 27, 2023 - 4:19 p.m.

Important: privoxy

2023-04-2716:19:00
alas.aws.amazon.com
17
privoxy
denial of service
memory leak
vulnerability
update
red hat
mitre
unix

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

54.0%

JSON

Issue Overview:

A flaw was found in privoxy before 3.0.32. A invalid read of size two may occur in chunked_body_is_complete() leading to denial of service. (CVE-2021-20275)

A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing. (CVE-2021-44540)

A memory leak vulnerability was found in Privoxy when handling errors. (CVE-2021-44542)

Affected Packages:

privoxy

Issue Correction:
Run yum update privoxy to update your system.

New Packages:

i686:  
    privoxy-3.0.23-2.17.amzn1.i686  
    privoxy-debuginfo-3.0.23-2.17.amzn1.i686  
  
src:  
    privoxy-3.0.23-2.17.amzn1.src  
  
x86_64:  
    privoxy-3.0.23-2.17.amzn1.x86_64  
    privoxy-debuginfo-3.0.23-2.17.amzn1.x86_64

Additional References

Red Hat: CVE-2021-20275, CVE-2021-44540, CVE-2021-44542

Mitre: CVE-2021-20275, CVE-2021-44540, CVE-2021-44542

Related

nessus 10
openvas 7
suse 4
osv 9
mageia 1
freebsd 1
cve 3
debiancve 3
veracode 3
cvelist 3
nvd 3
ubuntucve 3
alpinelinux 3
prion 3
cnvd 1
ubuntu 2
debian 2
gentoo 1
nessus
nessus
Amazon Linux AMI : privoxy (ALAS-2023-1739)
2023-05-04 00:00:00
openSUSE 15 Security Update : privoxy (openSUSE-SU-2021:1646-1)
2021-12-31 00:00:00
FreeBSD : Privoxy -- Multiple vulnerabilities (memory leak, XSS) (897e1962-5d5a-11ec-a3ed-040e3c3cf7e7)
2021-12-15 00:00:00
openvas
openvas
openSUSE: Security Advisory for privoxy (openSUSE-SU-2021:1646-1)
2022-02-08 00:00:00
Mageia: Security Advisory (MGASA-2021-0570)
2022-01-28 00:00:00
Ubuntu: Security Advisory (USN-5826-1)
2023-01-26 00:00:00
suse
suse
Security update for privoxy (important)
2022-11-02 00:00:00
Security update for privoxy (important)
2021-12-31 00:00:00
Security update for privoxy (moderate)
2021-03-18 00:00:00
osv
osv
privoxy-3.0.33-1.1 on GA media
2024-06-15 00:00:00
CVE-2021-44540
2021-12-23 20:15:11
CVE-2021-44542
2021-12-23 20:15:12
mageia
mageia
Updated privoxy packages fix security vulnerabilities
2021-12-19 19:13:42
freebsd
freebsd
Privoxy -- Multiple vulnerabilities (memory leak, XSS)
2021-12-09 00:00:00
cve
cve
CVE-2021-44542
2021-12-23 20:15:12
CVE-2021-44540
2021-12-23 20:15:11
CVE-2021-20275
2021-03-09 14:15:12
debiancve
debiancve
CVE-2021-20275
2021-03-09 14:15:12
CVE-2021-44540
2021-12-23 20:15:11
CVE-2021-44542
2021-12-23 20:15:12
veracode
veracode
Denial Of Service (DoS)
2021-03-06 23:06:16
Denial Of Service (DoS)
2021-12-12 21:03:53
Denial Of Service (DoS)
2021-12-12 21:03:59
cvelist
cvelist
CVE-2021-44542
2021-12-23 19:48:43
CVE-2021-44540
2021-12-23 19:48:42
CVE-2021-20275
2021-03-09 13:12:05
nvd
nvd
CVE-2021-44540
2021-12-23 20:15:11
CVE-2021-44542
2021-12-23 20:15:12
CVE-2021-20275
2021-03-09 14:15:12
ubuntucve
ubuntucve
CVE-2021-20275
2021-03-09 00:00:00
CVE-2021-44542
2021-12-23 00:00:00
CVE-2021-44540
2021-12-23 00:00:00
alpinelinux
alpinelinux
CVE-2021-44540
2021-12-23 20:15:11
CVE-2021-20275
2021-03-09 14:15:12
CVE-2021-44542
2021-12-23 20:15:12
prion
prion
Design/Logic Flaw
2021-12-23 20:15:00
Memory corruption
2021-12-23 20:15:00
Denial of service
2021-03-09 14:15:00
cnvd
cnvd
Privoxy Input Validation Error Vulnerability (CNVD-2022-08930)
2021-12-14 00:00:00
ubuntu
ubuntu
Privoxy vulnerabilities
2023-01-25 00:00:00
Privoxy vulnerabilities
2021-03-22 00:00:00
debian
debian
[SECURITY] [DLA 2844-1] privoxy security update
2021-12-13 14:44:25
[SECURITY] [DLA 2587-1] privoxy security update
2021-03-09 17:51:46
gentoo
gentoo
Privoxy: Multiple vulnerabilities
2021-07-08 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

54.0%

JSON
Related for ALAS-2023-1739
nessus10openvas7suse4osv9mageia1freebsd1cve3debiancve3veracode3cvelist3nvd3ubuntucve3alpinelinux3prion3cnvd1ubuntu2debian2gentoo1