CVE-2022-40468

Published: Sep 19, 2022

Modified: Nov 4, 2025

PUBLISHED

Description

Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/tinyproxy/tinyproxy

https://github.com/tinyproxy/tinyproxy/blob/84f203fb1c4733608c7283bbe794005a469c4b00/src/reqs.c#L346

https://github.com/tinyproxy/tinyproxy/issues/457

https://github.com/tinyproxy/tinyproxy/issues/457#issuecomment-1264176815

GLSA-202305-27

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-40468

Description

Affected Products

References