Source: tinyproxy
Version: 1.11.3-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/tinyproxy/tinyproxy/issues/602
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for tinyproxy.

CVE-2026-3945[0]:
| An integer overflow vulnerability in the HTTP chunked transfer
| encoding parser in tinyproxy up to and including version 1.11.3
| allows an unauthenticated remote attacker to cause a denial of
| service (DoS). The issue occurs because chunk size values are parsed
| using strtol() without properly validating overflow conditions
| (e.g., errno == ERANGE). A crafted chunk size such as
| 0x7fffffffffffffff (LONG_MAX) bypasses the existing validation check
| (chunklen < 0), leading to a signed integer overflow during
| arithmetic operations (chunklen + 2). This results in incorrect size
| calculations, causing the proxy to attempt reading an extremely
| large amount of request-body data and holding worker connections
| open indefinitely. An attacker can exploit this behavior to exhaust
| all available worker slots, preventing new connections from being
| accepted and causing complete service unavailability. Upstream
| addressed this issue in commit bb7edc4; however, the latest stable
| release (1.11.3) remains affected at the time of publication.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-3945
    https://www.cve.org/CVERecord?id=CVE-2026-3945
[1] https://github.com/tinyproxy/tinyproxy/issues/602
[2] https://github.com/tinyproxy/tinyproxy/pull/603

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
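The parsing pattern the CVE text describes, shown as an added illustration alongside a hardened variant. This is example code written for this page; it is not tinyproxy's parser and not the upstream fix in commit bb7edc4. The function names, the EXAMPLE_MAX_CHUNK_SIZE cap and the sample chunk-size lines are assumptions made for the example; the LONG_MAX line is built at run time so that on LP64 it is the 7fffffffffffffff value named in the advisory.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* A chunk-size line as sent by the client: hex digits, an optional
 * ";ext" chunk extension, then CRLF.  Both parsers take the start of
 * that line and return the chunk length, or -1 to reject it. */

/* Vulnerable pattern as described in the advisory: strtol() with no
 * errno/ERANGE check and only a "negative?" test afterwards.
 * Illustrative code, not tinyproxy's actual parser. */
long chunk_size_vulnerable(const char *line)
{
    char *end;
    long chunklen = strtol(line, &end, 16);

    if (chunklen < 0)
        return -1;      /* the only validation described: rejects negatives */

    /* LONG_MAX passes here, both when the digits encode it exactly and
     * when strtol() clamps an even larger value and sets ERANGE. */
    return chunklen;
}

/* Hardened parser: detects ERANGE, requires at least one hex digit and
 * a well-formed line end, and caps the size so that the later
 * "chunklen + 2" (data plus CRLF) cannot overflow.  The cap is an
 * assumed value for this example, not an HTTP or tinyproxy limit. */
#define EXAMPLE_MAX_CHUNK_SIZE (1L << 30)

long chunk_size_hardened(const char *line)
{
    char *end;
    long chunklen;

    errno = 0;
    chunklen = strtol(line, &end, 16);
    if (errno == ERANGE)
        return -1;      /* value did not fit in a long */
    if (end == line)
        return -1;      /* no digits at all ("\r\n", "zz\r\n") */
    if (*end != '\r' && *end != '\n' && *end != ';')
        return -1;      /* junk after the digits */
    if (chunklen < 0 || chunklen > EXAMPLE_MAX_CHUNK_SIZE)
        return -1;
    return chunklen;
}

/* Bytes the proxy must read for one chunk: the data plus its trailing
 * CRLF.  Checked variant: refuses any chunklen for which +2 would
 * overflow a long. */
long chunk_bytes_to_read(long chunklen)
{
    if (chunklen < 0 || chunklen > LONG_MAX - 2)
        return -1;
    return chunklen + 2;
}

/* The unchecked "chunklen + 2" from the advisory.  Signed overflow is
 * undefined behaviour in C, so the wraparound is emulated with unsigned
 * arithmetic (modular on the usual two's-complement platforms) to show
 * the resulting size without invoking UB: LONG_MAX becomes LONG_MIN + 1. */
long chunk_bytes_to_read_unchecked(long chunklen)
{
    return (long)((unsigned long)chunklen + 2UL);
}

/* Builds the chunk-size line encoding LONG_MAX for this platform; on
 * LP64 that is the "7fffffffffffffff" from the advisory. */
const char *long_max_chunk_line(void)
{
    static char buf[64];
    snprintf(buf, sizeof buf, "%lx\r\n", (unsigned long)LONG_MAX);
    return buf;
}

int main(void)
{
    /* Constructed sample lines, not captured traffic. */
    const char *lines[] = {
        "1f\r\n",                         /* normal 31-byte chunk */
        long_max_chunk_line(),            /* exactly LONG_MAX */
        "ffffffffffffffffffffffff\r\n",   /* larger than LONG_MAX: ERANGE */
        "zz\r\n",                         /* no digits at all */
    };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        long v = chunk_size_vulnerable(lines[i]);
        long h = chunk_size_hardened(lines[i]);
        printf("vulnerable=%ld unchecked_read=%ld checked_read=%ld hardened=%ld\n",
               v, v < 0 ? -1L : chunk_bytes_to_read_unchecked(v),
               chunk_bytes_to_read(v), h);
    }
    return 0;
}
```

Two things the run makes visible that the advisory text only states: the vulnerable parser returns LONG_MAX both for the exact LONG_MAX digits and for an even longer digit string (strtol() clamps and sets ERANGE, which is never read), and a line with no hex digits parses as 0, i.e. as a terminating chunk. The hardened variant needs errno reset before the call, since strtol() only sets it on failure.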

