CVE-2021-20214

Published: Mar 25, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash.

Affected (1)

Products: Privoxy: Privoxy

Privoxy

1 product

Privoxy

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Privoxy Privoxy	Before 3.0.29

Related CWEs

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (6)

https://bugzilla.redhat.com/show_bug.cgi?id=1928742

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://security.gentoo.org/glsa/202107-16

Source: secalert@redhat.com

Third Party Advisory

https://www.privoxy.org/3.0.29/user-manual/whatsnew.html

Source: secalert@redhat.com

Release NotesVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1928742

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://security.gentoo.org/glsa/202107-16

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.privoxy.org/3.0.29/user-manual/whatsnew.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.