May 9, 2024, 1:36 a.m. |

FortiGuard Labs | FortiGuard Center - Threat Signal Report fortiguard.fortinet.com

What is the vulnerability?A use-after-free vulnerability tagged as CVE-2023-49606 exists in Tinyproxy, a lightweight open-source HTTP proxy daemon. The threat actor may trigger this memory corruption and execute arbitrary code by sending a specially crafted HTTP header that triggers the reuse of previously freed memory. That can lead to remote code execution. As of May 3, 2024, Censys observed over 90,000 hosts running Tinyproxy service exposed on the internet where 57% of which are potentially vulnerable to this CVE-2023-49606.What is …

actor arbitrary code can code code execution corruption cve daemon free header http may memory memory corruption proxy remote code remote code execution reuse threat threat actor tinyproxy trigger use-after-free vulnerability what is

Sr. Product Manager

@ MixMode | Remote, US

Assoc/Mid ET P&C Control System Field Compliance Analyst (Glen Allen, VA)

@ Dominion Energy | GLEN ALLEN, VA, US, 23060

Technology Risk & Controls Lead- PCI Compliance

@ JPMorgan Chase & Co. | Plano, TX, United States

Editor, Compliance Risk and Diligence

@ Kroll | Manila, Philippines

KGS - KDN IAM Associate Consultant - Bengaluru

@ KPMG India | Bengaluru, Karnataka, India

KGS - IAM KDN Consultant - Bengaluru

@ KPMG India | Bengaluru, Karnataka, India