CVE-2015-1030 — Missing Release of Memory after Effective Lifetime in Privoxy

CWE-399 CWE-401 — Missing Release of Memory after Effective Lifetime6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

0.5%

top 32.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Privoxy Debian Privoxy

Timeline

PublishedJan 20

Latest updateMay 17

Description

Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/privoxy< privoxy 3.0.21-5 (bookworm)

▶Debianprivoxy/privoxy< 3.0.21-5+3

▶NVDprivoxy/privoxy3.0.21

Patches

Patch: www.privoxy.org ↗Patch: www.privoxy.org ↗

🔴Vulnerability Details

GHSA

GHSA-mw79-95c5-8ph4: Memory leak in the rfc2553_connect_to function in jbsocket↗2022-05-17

▶

OSV

CVE-2015-1030: Memory leak in the rfc2553_connect_to function in jbsocket↗2015-01-20

▶

📋Vendor Advisories

Debian

CVE-2015-1030: privoxy - Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3...↗2015

▶

Red Hat

privoxy: potential flaws fixed in version 3.0.22↗2014-11-28

▶

💬Community

Bugzilla

CVE-2015-1030 privoxy: potential flaws fixed in version 3.0.22↗2014-12-01

▶