Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2021-44540

Published: 23 December 2021

A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing.

Priority

Medium

Cvss 3 Severity Score

7.5

Score breakdown

Status

Package Release Status
privoxy
Launchpad, Ubuntu, Debian
focal
Released (3.0.28-2ubuntu0.2)
jammy Not vulnerable
(3.0.33-1)
lunar Not vulnerable
(3.0.33-1)
trusty Needed

hirsute Ignored
(end of life)
impish Ignored
(end of life)
bionic
Released (3.0.26-5ubuntu0.3)
xenial Needs triage

upstream
Released (3.0.33-1)
kinetic Not vulnerable
(3.0.33-1)
Patches:
upstream: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commitdiff;h=652b4b7cb0

Severity score breakdown

Parameter Value
Base score 7.5
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H