privoxy
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | A web proxy with advanced filtering capabilities. |
| Version | 3.0.34-3 [extra] |
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2616 | 3.0.32-1 | Medium | Vulnerable |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-44543 | AVG-2616 | Medium | Yes | Cross-site scripting | A security issue has been found in Privoxy before version 3.0.33. cgi_error_no_template() did not encode the template name, which could lead to cross-site... |
| CVE-2021-44542 | AVG-2616 | Low | Yes | Denial of service | A security issue has been found in Privoxy before version 3.0.33. send_http_request() leaked memory when handling errors. |
| CVE-2021-44541 | AVG-2616 | Low | Yes | Denial of service | A security issue has been found in Privoxy before version 3.0.33. process_encrypted_request_headers() did not free header memory when failing to get the... |
| CVE-2021-44540 | AVG-2616 | Low | Yes | Denial of service | A security issue has been found in Privoxy before version 3.0.33. get_url_spec_param() did not free memory of compiled pattern spec before bailing. |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1656 | 3.0.31-1 | 3.0.32-1 | Medium | Fixed | |
| AVG-1524 | 3.0.30-1 | 3.0.31-1 | Low | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-20276 | AVG-1656 | Medium | Yes | Arbitrary code execution | A security issue was found in Privoxy before version 3.0.32. An invalid pattern passed to pcre_compile() could lead to invalid memory accesses. Note that... |
| CVE-2021-20275 | AVG-1656 | Medium | Yes | Denial of service | A security issue was found in Privoxy before version 3.0.32. There is an invalid read of size two in chunked_body_is_complete(). |
| CVE-2021-20274 | AVG-1656 | Medium | Yes | Denial of service | A security issue was found in Privoxy before version 3.0.32. A crash due to a NULL-pointer dereference when the SOCKS server misbehaves could result in... |
| CVE-2021-20273 | AVG-1656 | Medium | Yes | Denial of service | A security issue was found in Privoxy before version 3.0.32. Invalid image types in a crafted CGI request could lead to a crash, resulting in denial of service. |
| CVE-2021-20272 | AVG-1656 | Medium | Yes | Denial of service | A security issue was found in Privoxy before version 3.0.32. An assertion could be triggered with a rafted CGI request, resulting in denial of service. |
| CVE-2021-20217 | AVG-1524 | Low | Yes | Denial of service | A security issue was found in privoxy before version 3.0.31. An assertion failure triggered by a crafted CGI request may lead to denial of service. |
| CVE-2021-20216 | AVG-1524 | Low | Yes | Denial of service | A security issue was found in privoxy before version 3.0.31. A memory leak when decompression fails unexpectedly may lead to denial of service. |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 07 Feb 2021 | ASA-202102-21 | AVG-1524 | Low | denial of service |