CVE-2012-3505

Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger hash collisions predictably.  bucket.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
banutinyproxy
𝑥
≤ 1.8.3
banutinyproxy
1.5.0
banutinyproxy
1.5.0:pre1
banutinyproxy
1.5.0:pre2
banutinyproxy
1.5.0:pre3
banutinyproxy
1.5.0:pre4
banutinyproxy
1.5.0:pre5
banutinyproxy
1.5.0:pre6
banutinyproxy
1.5.0:rc1
banutinyproxy
1.5.0:rc10
banutinyproxy
1.5.0:rc2
banutinyproxy
1.5.0:rc4
banutinyproxy
1.5.0:rc5
banutinyproxy
1.5.0:rc6
banutinyproxy
1.5.0:rc7
banutinyproxy
1.5.0:rc8
banutinyproxy
1.5.0:rc9
banutinyproxy
1.5.1
banutinyproxy
1.5.1:pre1
banutinyproxy
1.5.1:pre2
banutinyproxy
1.5.1:pre3
banutinyproxy
1.5.1:pre4
banutinyproxy
1.5.1:pre5
banutinyproxy
1.5.1:pre6
banutinyproxy
1.5.1:rc1
banutinyproxy
1.5.1:rc2
banutinyproxy
1.5.1:rc3
banutinyproxy
1.5.1:rc4
banutinyproxy
1.5.2
banutinyproxy
1.5.2:rc1
banutinyproxy
1.5.2:rc2
banutinyproxy
1.5.3
banutinyproxy
1.5.3:rc1
banutinyproxy
1.6.0
banutinyproxy
1.6.0:a
banutinyproxy
1.6.0:pre1
banutinyproxy
1.6.0:pre2
banutinyproxy
1.6.0:pre3
banutinyproxy
1.6.0:pre4
banutinyproxy
1.6.0:rc1
banutinyproxy
1.6.0:rc2
banutinyproxy
1.6.0:rc3
banutinyproxy
1.6.1
banutinyproxy
1.6.2
banutinyproxy
1.6.3
banutinyproxy
1.6.4
banutinyproxy
1.6.5
banutinyproxy
1.7.0
banutinyproxy
1.7.1
banutinyproxy
1.8.0
banutinyproxy
1.8.1
banutinyproxy
1.8.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tinyproxy
bullseye
1.10.0-5
fixed
bullseye (security)
1.10.0-5+deb11u1
fixed
bookworm
1.11.1-2.1+deb12u1
fixed
bookworm (security)
1.11.1-2.1+deb12u1
fixed
sid
1.11.2-1
fixed
trixie
1.11.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tinyproxy
wily
not-affected
vivid
ignored
utopic
ignored
trusty
not-affected
saucy
ignored
raring
ignored
quantal
ignored
precise
Fixed 1.8.3-1ubuntu0.1
released
oneiric
ignored
natty
ignored
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685281
http://secunia.com/advisories/50278
http://secunia.com/advisories/51074
http://www.debian.org/security/2012/dsa-2564
http://www.openwall.com/lists/oss-security/2012/08/17/3
http://www.openwall.com/lists/oss-security/2012/08/18/1
http://www.securitytracker.com/id?1027412
https://banu.com/bugzilla/show_bug.cgi?id=110
https://banu.com/bugzilla/show_bug.cgi?id=110#c2
https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685281
http://secunia.com/advisories/50278
http://secunia.com/advisories/51074
http://www.debian.org/security/2012/dsa-2564
http://www.openwall.com/lists/oss-security/2012/08/17/3
http://www.openwall.com/lists/oss-security/2012/08/18/1
http://www.securitytracker.com/id?1027412
https://banu.com/bugzilla/show_bug.cgi?id=110
https://banu.com/bugzilla/show_bug.cgi?id=110#c2
https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985