CVE-2021-20273

nvd nist

Published: Mar 9, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off.

Affected (2)

Products: Privoxy: Privoxy · Debian: Debian Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Privoxy Privoxy	Before 3.0.32

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

https://bugzilla.redhat.com/show_bug.cgi?id=1936658

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html

Source: secalert@redhat.com

Third Party Advisory

https://security.gentoo.org/glsa/202107-16

Source: secalert@redhat.com

Third Party Advisory

https://www.privoxy.org/announce.txt

Source: secalert@redhat.com

Release NotesVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1936658

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/03/msg00009.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://security.gentoo.org/glsa/202107-16

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.privoxy.org/announce.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.