Tinyproxy use-after-free Vulnerability (CVE-2023-49606)

Description


What is the vulnerability?

A use-after-free vulnerability tracked as CVE-2023-49606 exists in Tinyproxy, a lightweight open-source HTTP proxy daemon. A threat actor may trigger this memory corruption by sending a specially crafted HTTP header that causes previously freed memory to be reused, which can lead to remote code execution. As of May 3, 2024, Censys observed over 90,000 hosts running a Tinyproxy service exposed on the internet, of which 57% are potentially vulnerable to CVE-2023-49606.

What is the recommended mitigation?

FortiGuard Labs is not aware of any patches released by the vendor as of this report. To mitigate the risk, users are advised to make sure that the Tinyproxy service is not exposed to the internet.
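The mitigation above comes down to two configuration questions: which address the proxy binds to, and which clients it accepts. The following Python audit is an added example, not code from FortiGuard or the Tinyproxy project. It parses a tinyproxy.conf for the Port, Listen, Allow and Deny directives (real Tinyproxy directive names) and reports exposure findings. The default port of 8888 and the rule that a configuration with no Allow directive admits every client are assumptions taken from the project's documentation, and both sample configurations are constructed.

```python
"""Added example: audit a tinyproxy.conf for internet exposure.

Not Tinyproxy's own code. Directive names (Port, Listen, Allow, Deny) are
Tinyproxy's; the 8888 default port and the "no Allow means everyone" rule
are assumptions from the project's documentation.
"""
import ipaddress
import re

# Constructed sample: wildcard bind, one private Allow range, a commented-out Allow.
SAMPLE_CONF = """\
# tinyproxy.conf (constructed sample)
Port 8888
Listen 0.0.0.0
Timeout 600
#Allow 127.0.0.1
Allow 10.0.0.0/8
"""

# Constructed sample of a locally restricted instance.
HARDENED_CONF = """\
Port 8888
Listen 127.0.0.1
Allow 127.0.0.1
"""

DIRECTIVE_RE = re.compile(r"^\s*(Port|Listen|Allow|Deny)\s+(\S+)\s*$", re.IGNORECASE)

# Ranges treated as internal for this audit (RFC 1918, loopback, ULA, link-local).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "fc00::/7", "::1/128", "fe80::/10",
)]


def parse_conf(text):
    """Collect the exposure-relevant directives from config text."""
    conf = {"port": 8888, "listen": None, "allow": [], "deny": []}  # assumed defaults
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]  # drop comments, including fully commented lines
        m = DIRECTIVE_RE.match(line)
        if not m:
            continue
        key, val = m.group(1).lower(), m.group(2)
        if key == "port":
            conf["port"] = int(val)
        elif key == "listen":
            conf["listen"] = val
        else:
            conf[key].append(val)
    return conf


def _network(spec):
    """Parse an address or CIDR into a network object; None if unparseable."""
    try:
        return ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return None


def _is_internal(net):
    """True when the whole range sits inside one of INTERNAL_NETS."""
    return any(net.version == p.version and net.subnet_of(p) for p in INTERNAL_NETS)


def audit(text):
    """Return a list of human-readable exposure findings (empty means OK)."""
    conf = parse_conf(text)
    findings = []
    listen = conf["listen"]
    # No Listen, or a wildcard such as 0.0.0.0 / ::, binds every interface.
    if listen is None or (_network(listen) and _network(listen).network_address.is_unspecified):
        findings.append(f"listens on all interfaces (Listen={listen}) on port {conf['port']}")
    else:
        net = _network(listen)
        if net is None or not _is_internal(net):
            findings.append(f"listens on a non-internal address {listen}")
    if not conf["allow"]:
        findings.append("no Allow directive: any client that can reach the port may use the proxy")
    for spec in conf["allow"]:
        net = _network(spec)
        if net is None:
            findings.append(f"unparseable Allow value {spec!r}")
        elif not _is_internal(net):
            findings.append(f"Allow {spec} permits non-internal addresses")
    return findings


if __name__ == "__main__":
    for name, conf in (("sample", SAMPLE_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "no exposure findings")
```

The audit deliberately classifies ranges by explicit membership in internal networks rather than by the `is_global` property, because `ipaddress` treats a catch-all such as `0.0.0.0/0` as private (its first and last addresses both fall in reserved blocks), which would hide exactly the Allow line this check exists to catch.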

What FortiGuard Coverage is available?

FortiGuard Labs has released the IPS signature "Tinyproxy.HTTP.Connection.Headers.Use.After.Free" to detect and block attack attempts targeting CVE-2023-49606. The FortiGuard Incident Response team can be engaged to help with any suspected compromise.

Telemetry