Vulnerability CVE-2016-1982: Information

Description

The remove_chunked_transfer_coding function in filters.c in Privoxy before 3.0.24 allows remote attackers to cause a denial of service (invalid read and crash) via crafted chunk-encoded content.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2016-1982
Published: Jan. 27, 2016
Modified: Dec. 6, 2016
Error type identifier: CWE-20

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
privoxysisyphus3.0.24-alt13.0.34-alt1ALT-PU-2016-1422-1164103Fixed
privoxyp103.0.24-alt13.0.33-alt1ALT-PU-2016-1422-1164103Fixed
privoxyp93.0.24-alt13.0.28-alt2ALT-PU-2016-1422-1164103Fixed
privoxyc10f13.0.24-alt13.0.33-alt1ALT-PU-2016-1422-1164103Fixed
privoxyc9f23.0.24-alt13.0.28-alt2ALT-PU-2016-1422-1164103Fixed
privoxyp113.0.24-alt13.0.34-alt1ALT-PU-2016-1422-1164103Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
[oss-security] 20160121 CVE request for Privoxy 3.0.24
    [oss-security] 20160121 Re: CVE request for Privoxy 3.0.24
      http://www.privoxy.org/announce.txt
      • Vendor Advisory
      FEDORA-2016-29995fbd42
        FEDORA-2016-bc7acd24c6
          DSA-3460

              1. Configuration 1

                cpe:2.3:a:privoxy:privoxy:*:*:*:*:*:*:*:*
                End including
                3.0.23
            VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
            Version: v24.5.3
            Back to top