CVE-2021-20216
Published: 5 February 2021
A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability.
Priority
Low
CVSS 3 base score: 7.5
Status
| Package | Release | Status |
|---|---|---|
|
privoxy Launchpad, Ubuntu, Debian |
bionic |
Released
(3.0.26-5ubuntu0.1)
|
| focal |
Released
(3.0.28-2ubuntu0.1)
|
|
| groovy |
Released
(3.0.28-3ubuntu0.1)
|
|
| hirsute |
Ignored
(reached end-of-life)
|
|
| impish |
Needed
|
|
| jammy |
Needed
|
|
| precise |
Does not exist
|
|
| trusty |
Released
(3.0.21-7+deb8u1ubuntu0.1~esm1)
|
|
| upstream |
Released
(3.0.31-1)
|
|
| xenial |
Released
(3.0.24-1ubuntu0.1)
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20216
- https://www.openwall.com/lists/oss-security/2021/01/31/2
- https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=f431d61740cc03c1c5f6b7f9c7a4a8d0bedd70dd (3.0.31)
- https://ubuntu.com/security/notices/USN-4886-1
- NVD
- Launchpad
- Debian