CVE-2020-35502

Published: Mar 25, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash.

Affected (1)

Products: Privoxy: Privoxy

Privoxy

1 product

Privoxy

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Privoxy Privoxy	Before 3.0.29

Related CWEs

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (6)

https://bugzilla.redhat.com/show_bug.cgi?id=1928749

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://security.gentoo.org/glsa/202107-16

Source: secalert@redhat.com

Third Party Advisory

https://www.privoxy.org/3.0.29/user-manual/whatsnew.html

Source: secalert@redhat.com

Release NotesVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1928749

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://security.gentoo.org/glsa/202107-16

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.privoxy.org/3.0.29/user-manual/whatsnew.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.