CVE-2021-20215

HIGH

Privoxy < 3.0.29 - Memory Leak

Title source: rule

Description

A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash.

References (3)

[Issue Tracking, Patch, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1928746

[Third Party Advisory] https://security.gentoo.org/glsa/202107-16

[Release Notes, Vendor Advisory] https://www.privoxy.org/3.0.29/user-manual/whatsnew.html

Scores

CVSS v3 7.5

EPSS 0.0112

EPSS Percentile 78.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (1)

privoxy/privoxy < 3.0.29

Timeline

Published Mar 25, 2021

Tracked Since Feb 18, 2026