ID

VAR-202112-1037


CVE

CVE-2021-44542


TITLE

Privoxy  Vulnerability regarding lack of memory release after expiration in

Trust: 0.8

sources: JVNDB: JVNDB-2021-016709

DESCRIPTION

A memory leak vulnerability was found in Privoxy when handling errors. Privoxy Contains a vulnerability regarding the lack of free memory after expiration.Service operation interruption (DoS) It may be in a state. Privoxy is a proxy server of the Privoxy team in the United States that does not cache web pages and has its own filtering function. It features advanced filtering to enhance privacy, modify web page data and HTTP headers, control access, and remove ads and other annoying Internet junk. Privoxy has flexible configurations and can be customized according to individual needs. It is suitable for stand-alone systems and multi-user networks. There is an input validation error vulnerability in Privoxy, which is caused by the fact that the send_http_request of the product does not validate the input data effectively. An attacker could use this vulnerability to cause a denial of service

Trust: 2.25

sources: NVD: CVE-2021-44542 // JVNDB: JVNDB-2021-016709 // CNVD: CNVD-2022-08930 // VULMON: CVE-2021-44542

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-08930

AFFECTED PRODUCTS

vendor:privoxymodel:privoxyscope:ltversion:3.0.33

Trust: 1.6

vendor:privoxy developersmodel:privoxyscope: - version: -

Trust: 0.8

vendor:privoxy developersmodel:privoxyscope:eqversion: -

Trust: 0.8

sources: CNVD: CNVD-2022-08930 // JVNDB: JVNDB-2021-016709 // NVD: CVE-2021-44542

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-44542
value: HIGH

Trust: 1.0

NVD: CVE-2021-44542
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-08930
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202112-828
value: HIGH

Trust: 0.6

VULMON: CVE-2021-44542
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-44542
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-08930
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-44542
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-44542
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-08930 // VULMON: CVE-2021-44542 // JVNDB: JVNDB-2021-016709 // CNNVD: CNNVD-202112-828 // NVD: CVE-2021-44542

PROBLEMTYPE DATA

problemtype:CWE-401

Trust: 1.0

problemtype:Lack of memory release after expiration (CWE-401) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-016709 // NVD: CVE-2021-44542

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-828

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202112-828

PATCH

title:send_http_request()url:https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c48d1d6d08

Trust: 0.8

title:Patch for Privoxy Input Validation Error Vulnerability (CNVD-2022-08930)url:https://www.cnvd.org.cn/patchInfo/show/318161

Trust: 0.6

title:Privoxy Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176524

Trust: 0.6

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-44542 log

Trust: 0.1

sources: CNVD: CNVD-2022-08930 // VULMON: CVE-2021-44542 // JVNDB: JVNDB-2021-016709 // CNNVD: CNNVD-202112-828

EXTERNAL IDS

db:NVDid:CVE-2021-44542

Trust: 3.9

db:CS-HELPid:SB2021121013

Trust: 1.2

db:JVNDBid:JVNDB-2021-016709

Trust: 0.8

db:CNVDid:CNVD-2022-08930

Trust: 0.6

db:CNNVDid:CNNVD-202112-828

Trust: 0.6

db:VULMONid:CVE-2021-44542

Trust: 0.1

sources: CNVD: CNVD-2022-08930 // VULMON: CVE-2021-44542 // JVNDB: JVNDB-2021-016709 // CNNVD: CNNVD-202112-828 // NVD: CVE-2021-44542

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-44542

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021121013

Trust: 1.2

url:https://www.privoxy.org/3.0.33/user-manual/whatsnew.html%2c

Trust: 1.0

url:https://www.privoxy.org/gitweb/?p=privoxy.git%3ba=commit%3bh=c48d1d6d08

Trust: 1.0

url:https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c48d1d6d08

Trust: 0.7

url:https://www.privoxy.org/3.0.33/user-manual/whatsnew.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/privoxy-four-vulnerabilities-37059

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/401.html

Trust: 0.1

url:https://www.privoxy.org/3.0.33/user-manual/whatsnew.html,

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://security.archlinux.org/cve-2021-44542

Trust: 0.1

url:http://seclists.org/oss-sec/2021/q4/148

Trust: 0.1

sources: CNVD: CNVD-2022-08930 // VULMON: CVE-2021-44542 // JVNDB: JVNDB-2021-016709 // CNNVD: CNNVD-202112-828 // NVD: CVE-2021-44542

SOURCES

db:CNVDid:CNVD-2022-08930
db:VULMONid:CVE-2021-44542
db:JVNDBid:JVNDB-2021-016709
db:CNNVDid:CNNVD-202112-828
db:NVDid:CVE-2021-44542

LAST UPDATE DATE

2024-08-14T15:01:15.114000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2022-08930date:2022-02-09T00:00:00
db:VULMONid:CVE-2021-44542date:2021-12-29T00:00:00
db:JVNDBid:JVNDB-2021-016709date:2022-12-21T04:53:00
db:CNNVDid:CNNVD-202112-828date:2022-01-05T00:00:00
db:NVDid:CVE-2021-44542date:2023-11-07T03:39:39.760

SOURCES RELEASE DATE

db:CNVDid:CNVD-2022-08930date:2022-02-09T00:00:00
db:VULMONid:CVE-2021-44542date:2021-12-23T00:00:00
db:JVNDBid:JVNDB-2021-016709date:2022-12-21T00:00:00
db:CNNVDid:CNNVD-202112-828date:2021-12-10T00:00:00
db:NVDid:CVE-2021-44542date:2021-12-23T20:15:12.043