Gentoo update for Tinyproxy

Published: 2023-08-20

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2022-40468
CWE-ID	CWE-1188
Exploitation vector	Network
Public exploit	N/A
Vulnerable software Subscribe	Gentoo Linux Operating systems & Components / Operating system
Vendor	Gentoo

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Insecure Default Initialization of Resource

EUVDB-ID: #VU79737

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-40468

CWE-ID:

Exploit availability:

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to potential leak of left-over heap data if custom error page templates contain special non-standard variables. A remote attacker can gain access to sensitive information.

Mitigation

Update the affected packages.
net-proxy/tinyproxy to version:

Vulnerable software versions

Gentoo Linux: All versions

Fixed software versions

CPE2.3

cpe:2.3:o:gentoo:gentoo_linux:*:*:*:*:*:*:*:*

External links

http://security.gentoo.org/glsa/202305-27

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?