CVE-2022-40468

High

Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit…

mitre·CWE-1188·Published 2022-09-19

CVSS

7.5

EPSS

0.01

KEV

Exploits

Vendor statements (1)

security.gentoo.org

cve.orgen

214 chars

Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function.

NVDes

265 chars

Posible fuga de datos sobrantes de la pila si se utilizan plantillas de páginas de error personalizadas que contienen variables especiales no estándar. El commit 84f203f de Tinyproxy y los anteriores utilizan búferes no inicializados en la función process_request()

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N