d0rb / CVE-2023-49606

Critical use-after-free vulnerability discovered in Tinyproxy

🇮🇱 #BringThemHome #NeverAgainIsNow 🇮🇱 #2

Open shon4840 opened 4 months ago

shon4840 commented 4 months ago

🇮🇱 #BringThemHome #NeverAgainIsNow 🇮🇱

I love U ❤️

d0rb commented 4 months ago

Issue remains open until the safe return of our brothers and sisters 🇮🇱💔

mbana commented 4 months ago

Can we keep this strictly professional, please.

Are you trolling? What's the purpose of this repository?

Anyway, I don't think RCE is possible for this CVE. Prove me wrong, please.

shon4840 commented 4 months ago

Can we keep this strictly professional, please.

Are you trolling? What's the purpose of this repository?

Anyway, I don't think RCE is possible for this CVE. Prove me wrong, please.

Go to any site that has information about this vulnerability and you will find that it is both an RCE vulnerability and a DoS vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2023-49606?trk=public_post_comment-text

A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make an unauthenticated HTTP request to trigger this vulnerability.

mbana commented 4 months ago

It says could lead.

If you research further into the issue you will see that the UAF (variable) is only read from, and it is never written to. An RCE is not possible in these circumstances. Prove me wrong.

shon4840 commented 4 months ago

It says could lead.

If you research further into the issue you will see that the UAF (variable) is only read from, and it is never written to. An RCE is not possible in these circumstances. Prove me wrong.

You are wrong, I advise you to go and study more information about this vulnerability, I see no point in continuing to argue with you.

d0rb commented 4 months ago

Can we keep this strictly professional, please.

Are you trolling? What's the purpose of this repository?

Anyway, I don't think RCE is possible for this CVE. Prove me wrong, please.

Hey Mohamd, I'm sorry if you feel offended by this, but it's my Git and my rule and I approve this and it's definitely not trolling.

I'm not offering support for my CVEs. If you could follow the README on my main page, it would be greatly appreciated.

Wishing the best for all of us, but bringing them home is first and foremost.