privoxy

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A web proxy with advanced filtering capabilities.
Version 3.0.34-2 [extra]

Open

Group Affected Fixed Severity Status Ticket
AVG-2616 3.0.32-1 Medium Vulnerable
Issue Group Severity Remote Type Description
CVE-2021-44543 AVG-2616 Medium Yes Cross-site scripting
A security issue has been found in Privoxy before version 3.0.33. cgi_error_no_template() did not encode the template name, which could lead to cross-site...
CVE-2021-44542 AVG-2616 Low Yes Denial of service
A security issue has been found in Privoxy before version 3.0.33. send_http_request() leaked memory when handling errors.
CVE-2021-44541 AVG-2616 Low Yes Denial of service
A security issue has been found in Privoxy before version 3.0.33. process_encrypted_request_headers() did not free header memory when failing to get the...
CVE-2021-44540 AVG-2616 Low Yes Denial of service
A security issue has been found in Privoxy before version 3.0.33. get_url_spec_param() did not free memory of compiled pattern spec before bailing.

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1656 3.0.31-1 3.0.32-1 Medium Fixed
AVG-1524 3.0.30-1 3.0.31-1 Low Fixed
Issue Group Severity Remote Type Description
CVE-2021-20276 AVG-1656 Medium Yes Arbitrary code execution
A security issue was found in Privoxy before version 3.0.32. An invalid pattern passed to pcre_compile() could lead to invalid memory accesses. Note that...
CVE-2021-20275 AVG-1656 Medium Yes Denial of service
A security issue was found in Privoxy before version 3.0.32. There is an invalid read of size two in chunked_body_is_complete().
CVE-2021-20274 AVG-1656 Medium Yes Denial of service
A security issue was found in Privoxy before version 3.0.32. A crash due to a NULL-pointer dereference when the SOCKS server misbehaves could result in...
CVE-2021-20273 AVG-1656 Medium Yes Denial of service
A security issue was found in Privoxy before version 3.0.32. Invalid image types in a crafted CGI request could lead to a crash, resulting in denial of service.
CVE-2021-20272 AVG-1656 Medium Yes Denial of service
A security issue was found in Privoxy before version 3.0.32. An assertion could be triggered with a rafted CGI request, resulting in denial of service.
CVE-2021-20217 AVG-1524 Low Yes Denial of service
A security issue was found in privoxy before version 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service.
CVE-2021-20216 AVG-1524 Low Yes Denial of service
A security issue was found in privoxy before version 3.0.31. A memory leak when decompression fails unexpectedly may lead to denial of service.

Advisories

Date Advisory Group Severity Type
07 Feb 2021 ASA-202102-21 AVG-1524 Low denial of service