CVE-2021-20216

HIGH

Privoxy < 3.0.31 - Memory Leak

Title source: rule

Description

A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability.

References (4)

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1923256

[Third Party Advisory] https://security.gentoo.org/glsa/202107-16

[Mailing List, Release Notes, Third Party Advisory] https://www.openwall.com/lists/oss-security/2021/01/31/2

[Release Notes, Vendor Advisory] https://www.privoxy.org/3.0.31/user-manual/whatsnew.html

Scores

CVSS v3 7.5

EPSS 0.0165

EPSS Percentile 81.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401 CWE-400

Status published

Affected Products (1)

privoxy/privoxy < 3.0.31

Timeline

Published Mar 25, 2021

Tracked Since Feb 18, 2026