CVE-2015-1031 — NULL Pointer Dereference in Privoxy

CWE-476 — NULL Pointer Dereference7 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 28.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Privoxy Debian Privoxy

Timeline

PublishedFeb 10

Latest updateMay 17

Description

Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional unconfirmed use-after-free complaints made by Coverity scan." NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/privoxy< privoxy 3.0.21-5 (bookworm)

▶Debianprivoxy/privoxy< 3.0.21-5+3

▶NVDprivoxy/privoxy3.0.21

Patches

Patch: www.privoxy.org ↗Patch: www.privoxy.org ↗

🔴Vulnerability Details

GHSA

GHSA-p49r-xm5f-3r8x: Multiple use-after-free vulnerabilities in Privoxy before 3↗2022-05-17

▶

OSV

CVE-2015-1031: Multiple use-after-free vulnerabilities in Privoxy before 3↗2015-02-10

▶

📋Vendor Advisories

Debian

CVE-2015-1031: privoxy - Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote at...↗2015

▶

Red Hat

privoxy: several use-after-free issues in list.c↗2014-11-28

▶

💬Community

Bugzilla

CVE-2015-1031 privoxy: several use-after-free issues in list.c↗2015-03-18

▶

Bugzilla

CVE-2015-1030 privoxy: potential flaws fixed in version 3.0.22↗2014-12-01

▶