SB2021030132 - Fedora EPEL 7 update for privoxy

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021030132

SB2021030132 - Fedora EPEL 7 update for privoxy

Published: March 1, 2021

Security Bulletin ID SB2021030132
Severity
Medium
Patch available
YES
Number of vulnerabilities 8
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 8 secuirty vulnerabilities.


1) Memory leak (CVE-ID: CVE-2021-20209)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in the show-status CGI handler when no action files are configured. A remote attacker can force the application to leak memory and perform denial of service attack.


2) Memory leak (CVE-ID: CVE-2021-20210)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in the show-status CGI handler when no filter files are configured. A remote attacker can force the application to leak memory and perform denial of service attack.


3) Memory leak (CVE-ID: CVE-2021-20211)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak when client tags are active. A remote attacker can force the application to leak memory and perform denial of service attack.


4) Memory leak (CVE-ID: CVE-2021-20212)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak if multiple filters are executed and the last one is skipped due to a pcre error. A remote attacker can force the application to leak memory and perform denial of service attack.


5) NULL pointer dereference (CVE-ID: CVE-2021-20213)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error, if accept-intercepted-requests is  enabled. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.


6) Memory leak (CVE-ID: CVE-2021-20214)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in the client-tags CGI handler when client tags are configured and memory allocations fail. A remote attacker can force the application to leak memory and perform denial of service attack.


7) Memory leak (CVE-ID: CVE-2021-20215)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in the show-status CGI handler when memory allocations fail. A remote attacker can force the application to leak memory and perform denial of service attack.


8) Memory leak (CVE-ID: CVE-2020-35502)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak when a response is buffered and the buffer limit is reached or Privoxy is running out of memory. A remote attacker can force the application to leak memory and perform denial of service attack.


Remediation

Install update from vendor's website.

References