Tinyproxy Product Security Update Advisory (CVE-2023-49606)

Overview

 

We have released an update to address a vulnerability in our Tinyproxy product. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

Tinyproxy versions: 1.11.1, 1.10.0

 

Resolved Vulnerabilities

 

Use-after-free vulnerability in Tinyproxy HTTP Connection header parsing (CVE-2023-49606)

 

Vulnerability Patches

 

Patches for the vulnerability have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest patched version.

Tinyproxy version: 1.11.2

 

Referenced Sites

 

[1] CVE-2023-49606 Detail

https://nvd.nist.gov/vuln/detail/CVE-2023-49606

[2] Tinyproxy HTTP Connection Headers use-after-free vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889

[3] some details about CVE-2023-49606 #533

https://github.com/tinyproxy/tinyproxy/issues/533?ref=news.risky.biz