var-202112-1037
Vulnerability from variot
A memory leak vulnerability was found in Privoxy when handling errors. Privoxy Contains a vulnerability regarding the lack of free memory after expiration.Service operation interruption (DoS) It may be in a state. Privoxy is a proxy server of the Privoxy team in the United States that does not cache web pages and has its own filtering function. It features advanced filtering to enhance privacy, modify web page data and HTTP headers, control access, and remove ads and other annoying Internet junk. Privoxy has flexible configurations and can be customized according to individual needs. It is suitable for stand-alone systems and multi-user networks.
There is an input validation error vulnerability in Privoxy, which is caused by the fact that the send_http_request of the product does not validate the input data effectively. An attacker could use this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-1037",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "privoxy",
"scope": "lt",
"trust": 1.6,
"vendor": "privoxy",
"version": "3.0.33"
},
{
"model": "privoxy",
"scope": null,
"trust": 0.8,
"vendor": "privoxy developers",
"version": null
},
{
"model": "privoxy",
"scope": "eq",
"trust": 0.8,
"vendor": "privoxy developers",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08930"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"db": "NVD",
"id": "CVE-2021-44542"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.33",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44542"
}
]
},
"cve": "CVE-2021-44542",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-44542",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-08930",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-44542",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-44542",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-08930",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-828",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-44542",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08930"
},
{
"db": "VULMON",
"id": "CVE-2021-44542"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"db": "NVD",
"id": "CVE-2021-44542"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-828"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A memory leak vulnerability was found in Privoxy when handling errors. Privoxy Contains a vulnerability regarding the lack of free memory after expiration.Service operation interruption (DoS) It may be in a state. Privoxy is a proxy server of the Privoxy team in the United States that does not cache web pages and has its own filtering function. It features advanced filtering to enhance privacy, modify web page data and HTTP headers, control access, and remove ads and other annoying Internet junk. Privoxy has flexible configurations and can be customized according to individual needs. It is suitable for stand-alone systems and multi-user networks. \n\r\n\r\nThere is an input validation error vulnerability in Privoxy, which is caused by the fact that the send_http_request of the product does not validate the input data effectively. An attacker could use this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-44542"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"db": "CNVD",
"id": "CNVD-2022-08930"
},
{
"db": "VULMON",
"id": "CVE-2021-44542"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-44542",
"trust": 3.9
},
{
"db": "CS-HELP",
"id": "SB2021121013",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016709",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-08930",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-828",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-44542",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08930"
},
{
"db": "VULMON",
"id": "CVE-2021-44542"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"db": "NVD",
"id": "CVE-2021-44542"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-828"
}
]
},
"id": "VAR-202112-1037",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08930"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08930"
}
]
},
"last_update_date": "2023-12-18T12:55:18.772000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "send_http_request()",
"trust": 0.8,
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c48d1d6d08"
},
{
"title": "Patch for Privoxy Input Validation Error Vulnerability (CNVD-2022-08930)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/318161"
},
{
"title": "Privoxy Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=176524"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-44542 log"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08930"
},
{
"db": "VULMON",
"id": "CVE-2021-44542"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-828"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-401",
"trust": 1.0
},
{
"problemtype": "Lack of memory release after expiration (CWE-401) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"db": "NVD",
"id": "CVE-2021-44542"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44542"
},
{
"trust": 1.2,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121013"
},
{
"trust": 1.0,
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2c"
},
{
"trust": 1.0,
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git%3ba=commit%3bh=c48d1d6d08"
},
{
"trust": 0.7,
"url": "https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c48d1d6d08"
},
{
"trust": 0.6,
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/privoxy-four-vulnerabilities-37059"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/401.html"
},
{
"trust": 0.1,
"url": "https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://security.archlinux.org/cve-2021-44542"
},
{
"trust": 0.1,
"url": "http://seclists.org/oss-sec/2021/q4/148"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-08930"
},
{
"db": "VULMON",
"id": "CVE-2021-44542"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"db": "NVD",
"id": "CVE-2021-44542"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-828"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-08930"
},
{
"db": "VULMON",
"id": "CVE-2021-44542"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"db": "NVD",
"id": "CVE-2021-44542"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-828"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-08930"
},
{
"date": "2021-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2021-44542"
},
{
"date": "2022-12-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"date": "2021-12-23T20:15:12.043000",
"db": "NVD",
"id": "CVE-2021-44542"
},
{
"date": "2021-12-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-828"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-08930"
},
{
"date": "2021-12-29T00:00:00",
"db": "VULMON",
"id": "CVE-2021-44542"
},
{
"date": "2022-12-21T04:53:00",
"db": "JVNDB",
"id": "JVNDB-2021-016709"
},
{
"date": "2023-11-07T03:39:39.760000",
"db": "NVD",
"id": "CVE-2021-44542"
},
{
"date": "2022-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-828"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-828"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Privoxy\u00a0 Vulnerability regarding lack of memory release after expiration in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-016709"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-828"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.