Bug 2278395 (CVE-2023-49606)

Summary: CVE-2023-49606 tinyproxy: HTTP connection headers use-after-free vulnerability
Product: [Other] Security Response
Reporter: Robb Gatica <rgatica>
Component: vulnerability
Assignee: Product Security <prodsec-ir-bot>
Status: NEW
QA Contact:
Severity: urgent
Docs Contact:
Priority: urgent
Version: unspecified
Keywords: Security
Target Milestone: ---
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2278396, 2278397
Bug Blocks:

Description Robb Gatica 2024-05-01 20:09:26 UTC
A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make an unauthenticated HTTP request to trigger this vulnerability.

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889

Comment 1 Robb Gatica 2024-05-01 20:09:47 UTC
Created tinyproxy tracking bugs for this issue:

Affects: epel-all [bug 2278397]
Affects: fedora-all [bug 2278396]