| Vulnerability Name: | CVE-2021-44540 (CCN-214893) | ||||||||||||||||||||
| Assigned: | 2021-12-09 | ||||||||||||||||||||
| Published: | 2021-12-09 | ||||||||||||||||||||
| Updated: | 2022-01-06 | ||||||||||||||||||||
| Summary: | A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing. | ||||||||||||||||||||
| CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||||||||||||||
| Vulnerability Type: | CWE-401 | ||||||||||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2021-44540 Source: XF Type: UNKNOWN privoxy-cve202144540-dos(214893) Source: CCN Type: oss-sec Mailing List, Thu, 9 Dec 2021 13:02:18 +0100 Multiple issues fixed in Privoxy 3.0.33 stable Source: CCN Type: Privoxy Web site Privoxy Source: MISC Type: Broken Link, Vendor Advisory https://www.privoxy.org/3.0.33/user-manual/whatsnew.html, Source: MISC Type: Mailing List, Patch, Vendor Advisory https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb0 Source: CCN Type: WhiteSource Vulnerability Database CVE-2021-44540 | ||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
| BACK | |||||||||||||||||||||