CVE-2021-20215

Description


A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash.

References


Issue TrackingPatchThird Party Advisory

Release NotesVendor Advisory

CvssV3 impact


BaseSeverity

HIGH

ConfidentialityImpact

NONE

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

NETWORK

AvailabilityImpact

HIGH

IntegrityImpact

NONE

PrivilegesRequired

NONE

BaseScore

7.5

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Version

3.1

UserInteraction

NONE

CvssV2 impact


AccessComplexity

LOW

ConfidentialityImpact

NONE

AvailabilityImpact

COMPLETE

IntegrityImpact

NONE

BaseScore

7.8

VectorString

AV:N/AC:L/Au:N/C:N/I:N/A:C

Version

2.0

AccessVector

NETWORK

Authentication

NONE