CVE-2020-35502

HIGH

Privoxy < 3.0.29 - Memory Leak

Title source: rule

Description

A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash.

References (3)

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1928749

[Third Party Advisory] https://security.gentoo.org/glsa/202107-16

[Release Notes, Vendor Advisory] https://www.privoxy.org/3.0.29/user-manual/whatsnew.html

Scores

CVSS v3 7.5

EPSS 0.0064

EPSS Percentile 70.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (1)

privoxy/privoxy < 3.0.29

Timeline

Published Mar 25, 2021

Tracked Since Feb 18, 2026