ALT-PU-2022-5860-1

Обновление пакета privoxy в ветке p10_e2k

Версия3.0.33-alt1

Задание#0

Опубликовано2022-08-30

Макс. серьёзностьHIGH

Серьёзность:

Закрытые проблемы (4)

HIGH7.5

A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing.

Опубликовано: 2021-12-23Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xВЫСОКАЯ 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Ссылки

HIGH7.5

A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination.

Опубликовано: 2021-12-23Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xВЫСОКАЯ 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Ссылки

HIGH7.5

A memory leak vulnerability was found in Privoxy when handling errors.

Опубликовано: 2021-12-23Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS 3.xВЫСОКАЯ 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Ссылки

MEDIUM6.1

An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself.

Опубликовано: 2021-12-23Изменено: 2024-11-21

CVSS 2.0НИЗКАЯ 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:P/A:N

CVSS 3.xСРЕДНЯЯ 6.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Ссылки