VAR-202112-1037
Vulnerability from variot - Updated: 2023-12-18 12:55A memory leak vulnerability was found in Privoxy when handling errors. Privoxy Contains a vulnerability regarding the lack of free memory after expiration.Service operation interruption (DoS) It may be in a state. Privoxy is a proxy server of the Privoxy team in the United States that does not cache web pages and has its own filtering function. It features advanced filtering to enhance privacy, modify web page data and HTTP headers, control access, and remove ads and other annoying Internet junk. Privoxy has flexible configurations and can be customized according to individual needs. It is suitable for stand-alone systems and multi-user networks.
There is an input validation error vulnerability in Privoxy, which is caused by the fact that the send_http_request of the product does not validate the input data effectively. An attacker could use this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-1037",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "privoxy",
"scope": "lt",
"trust": 1.6,
"vendor": "privoxy",
"version": "3.0.33"
},
{
"model": "privoxy",
"scope": null,
"trust": 0.8,
"vendor": "privoxy developers",
"version": null
},
{
"model": "privoxy",
"scope": "eq",
"trust": 0.8,
"vendor": "privoxy developers",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08930"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"db": "NVD",
"id": "CVE-2021-44542"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.33",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44542"
}
]
},
"cve": "CVE-2021-44542",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-44542",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-08930",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-44542",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-44542",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-08930",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-828",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-44542",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08930"
},
{
"db": "VULMON",
"id": "CVE-2021-44542"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"db": "NVD",
"id": "CVE-2021-44542"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-828"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A memory leak vulnerability was found in Privoxy when handling errors. Privoxy Contains a vulnerability regarding the lack of free memory after expiration.Service operation interruption (DoS) It may be in a state. Privoxy is a proxy server of the Privoxy team in the United States that does not cache web pages and has its own filtering function. It features advanced filtering to enhance privacy, modify web page data and HTTP headers, control access, and remove ads and other annoying Internet junk. Privoxy has flexible configurations and can be customized according to individual needs. It is suitable for stand-alone systems and multi-user networks. \n\r\n\r\nThere is an input validation error vulnerability in Privoxy, which is caused by the fact that the send_http_request of the product does not validate the input data effectively. An attacker could use this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44542"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"db": "CNVD",
"id": "CNVD-2022-08930"
},
{
"db": "VULMON",
"id": "CVE-2021-44542"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-44542",
"trust": 3.9
},
{
"db": "CS-HELP",
"id": "SB2021121013",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016709",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-08930",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-828",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-44542",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08930"
},
{
"db": "VULMON",
"id": "CVE-2021-44542"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"db": "NVD",
"id": "CVE-2021-44542"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-828"
}
]
},
"id": "VAR-202112-1037",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08930"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08930"
}
]
},
"last_update_date": "2023-12-18T12:55:18.772000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "send_http_request()",
"trust": 0.8,
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c48d1d6d08"
},
{
"title": "Patch for Privoxy Input Validation Error Vulnerability (CNVD-2022-08930)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/318161"
},
{
"title": "Privoxy Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=176524"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-44542 log"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08930"
},
{
"db": "VULMON",
"id": "CVE-2021-44542"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-828"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-401",
"trust": 1.0
},
{
"problemtype": "Lack of memory release after expiration (CWE-401) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"db": "NVD",
"id": "CVE-2021-44542"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44542"
},
{
"trust": 1.2,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121013"
},
{
"trust": 1.0,
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2c"
},
{
"trust": 1.0,
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3ba=commit%3bh=c48d1d6d08"
},
{
"trust": 0.7,
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c48d1d6d08"
},
{
"trust": 0.6,
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/privoxy-four-vulnerabilities-37059"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/401.html"
},
{
"trust": 0.1,
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://security.archlinux.org/cve-2021-44542"
},
{
"trust": 0.1,
"url": "http://seclists.org/oss-sec/2021/q4/148"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08930"
},
{
"db": "VULMON",
"id": "CVE-2021-44542"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"db": "NVD",
"id": "CVE-2021-44542"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-828"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-08930"
},
{
"db": "VULMON",
"id": "CVE-2021-44542"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"db": "NVD",
"id": "CVE-2021-44542"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-828"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-08930"
},
{
"date": "2021-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-44542"
},
{
"date": "2022-12-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"date": "2021-12-23T20:15:12.043000",
"db": "NVD",
"id": "CVE-2021-44542"
},
{
"date": "2021-12-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-828"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-08930"
},
{
"date": "2021-12-29T00:00:00",
"db": "VULMON",
"id": "CVE-2021-44542"
},
{
"date": "2022-12-21T04:53:00",
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"date": "2023-11-07T03:39:39.760000",
"db": "NVD",
"id": "CVE-2021-44542"
},
{
"date": "2022-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-828"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-828"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Privoxy\u00a0 Vulnerability regarding lack of memory release after expiration in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016709"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-828"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…