CVE-2001-0129

Tinyproxy < 1.3.2 - Buffer Overflow via Long Connect Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0129. PoCs published by CyRaX.

AI-analyzed exploit summary: This exploit targets a heap overflow vulnerability in tinyproxy versions 1.3.2 and 1.3.3 by sending a maliciously crafted 'connect' request. It leverages a buffer overflow in the error message handling to overwrite heap structures and achieve arbitrary code execution.

Description

Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long connect request.

Exploits (1)

exploitdb WORKING POC VERIFIED
by CyRaX · c · remote · windows
https://www.exploit-db.com/exploits/20559

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Racy
Target: tinyproxy 1.3.2, 1.3.3
No auth needed
Prerequisites: Network access to the target tinyproxy server · Knowledge of target memory addresses for shellcode and free_hook
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5954
Patch vendor-advisory x_refsource_debian
http://www.debian.org/security/2001/dsa-018
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2217
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=97975486527750&w=2

Scores

EPSS 0.1390
EPSS Percentile 96.1%

Details

Status published
Products (2)
tinyproxy/tinyproxy 1.3.3
tinyproxy/tinyproxy < 1.3.2
Published Mar 12, 2001
Tracked Since Feb 18, 2026