Product
tinyproxy project tinyproxy
10 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-31842
CVE-2025-63938
CVE-2023-49606
CVE-2022-40468
CVE-2017-11747
CVE-2012-3505
CVE-2011-1843
CVE-2011-1499
CVE-2002-0847
CVE-2001-0129
<= 1.11.3
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfe
<= 1.11.2
Tinyproxy through 1.11.2 contains an integer overflow vulnerability in the strip_return_port() function within src/reqs.c.
all versions
A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially
<= 1.11.1
Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy
<= 1.8.4
main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account,
<= 1.8.3
Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large numb
<= 1.8.2
Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow remote attackers to bypass intended access restrictions in opport
<= 1.8.2
acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP a
all versions
tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers to execute arbitrary code via memory that is freed twice (d
<= 1.3.2
Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows remote attackers to cause a denial of service and possibly execut