{"id":10816,"date":"2024-05-07T04:50:28","date_gmt":"2024-05-07T04:50:28","guid":{"rendered":"https:\/\/sekuritasit.com\/?p=10816"},"modified":"2024-05-07T04:50:28","modified_gmt":"2024-05-07T04:50:28","slug":"tinyproxy-use-after-free-vulnerability-cve-2023-49606","status":"publish","type":"post","link":"https:\/\/sekuritasit.com\/index.php\/2024\/05\/07\/tinyproxy-use-after-free-vulnerability-cve-2023-49606\/","title":{"rendered":"Tinyproxy use-after-free Vulnerability (CVE-2023-49606)"},"content":{"rendered":"<p>\u00a0What is the vulnerability?A use-after-free vulnerability tagged as CVE-2023-49606 exists in Tinyproxy, a lightweight open-source HTTP proxy daemon. The threat actor may trigger this memory corruption and execute arbitrary code by sending a specially crafted HTTP header that triggers the reuse of previously freed memory. That can lead to remote code execution. As of May 3, 2024, Censys observed over 90,000 hosts running Tinyproxy service exposed in the Internet where 57% of which are potentially vulnerable to this CVE-2023-49606.What is the recommended Mitigation?FortiGuard Labs is not aware of any patches released by the vendor as of this report. To mitigate the risk, users are advised to make sure that Tinyproxy service is not exposed to the internet.What FortiGuard Coverage is available?FortiGuard Labs is currently investigating relevant protections and will update the threat signal as they are released. FortiGuard Incident Response team can be engaged to help with any suspected compromise.<a href=\"https:\/\/fortiguard.fortinet.com\/threat-signal-report\/5434\" target=\"_blank\" class=\"feedzy-rss-link-icon\" rel=\"noopener\">Read More<\/a>\u00a0<\/p>","protected":false},"excerpt":{"rendered":"<p>\u00a0What is the vulnerability?A use-after-free vulnerability tagged as CVE-2023-49606 exists in Tinyproxy, a lightweight open-source HTTP proxy daemon. The threat actor may trigger this memory corruption and execute arbitrary code by sending a specially crafted HTTP header that triggers the reuse of previously freed memory. That can lead to remote code execution. As of May [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-10816","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.8 - aioseo.com -->\n\t<meta name=\"description\" content=\"What is the vulnerability?A use-after-free vulnerability tagged as CVE-2023-49606 exists in Tinyproxy, a lightweight open-source HTTP proxy daemon. The threat actor may trigger this memory corruption and execute arbitrary code by sending a specially crafted HTTP header that triggers the reuse of previously freed memory. That can lead to remote code execution. As of May\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<link rel=\"canonical\" href=\"https:\/\/sekuritasit.com\/index.php\/2024\/05\/07\/tinyproxy-use-after-free-vulnerability-cve-2023-49606\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.8\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Sekuritas IT \u203a Creative solutions to unique challenges.\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"Tinyproxy use-after-free Vulnerability (CVE-2023-49606) \u203a Sekuritas IT\" \/>\n\t\t<meta property=\"og:description\" content=\"What is the vulnerability?A use-after-free vulnerability tagged as CVE-2023-49606 exists in Tinyproxy, a lightweight open-source HTTP proxy daemon. The threat actor may trigger this memory corruption and execute arbitrary code by sending a specially crafted HTTP header that triggers the reuse of previously freed memory. That can lead to remote code execution. As of May\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/sekuritasit.com\/index.php\/2024\/05\/07\/tinyproxy-use-after-free-vulnerability-cve-2023-49606\/\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2024-05-07T04:50:28+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2024-05-07T04:50:28+00:00\" \/>\n\t\t<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/profile.php?id=100086973577423\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:title\" content=\"Tinyproxy use-after-free Vulnerability (CVE-2023-49606) \u203a Sekuritas IT\" \/>\n\t\t<meta name=\"twitter:description\" content=\"What is the vulnerability?A use-after-free vulnerability tagged as CVE-2023-49606 exists in Tinyproxy, a lightweight open-source HTTP proxy daemon. The threat actor may trigger this memory corruption and execute arbitrary code by sending a specially crafted HTTP header that triggers the reuse of previously freed memory. That can lead to remote code execution. As of May\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/05\\\/07\\\/tinyproxy-use-after-free-vulnerability-cve-2023-49606\\\/#blogposting\",\"name\":\"Tinyproxy use-after-free Vulnerability (CVE-2023-49606) \\u203a Sekuritas IT\",\"headline\":\"Tinyproxy use-after-free Vulnerability (CVE-2023-49606)\",\"author\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#organization\"},\"datePublished\":\"2024-05-07T04:50:28+00:00\",\"dateModified\":\"2024-05-07T04:50:28+00:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/05\\\/07\\\/tinyproxy-use-after-free-vulnerability-cve-2023-49606\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/05\\\/07\\\/tinyproxy-use-after-free-vulnerability-cve-2023-49606\\\/#webpage\"},\"articleSection\":\"Uncategorized\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/05\\\/07\\\/tinyproxy-use-after-free-vulnerability-cve-2023-49606\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/sekuritasit.com\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/#listItem\",\"name\":\"Uncategorized\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/#listItem\",\"position\":2,\"name\":\"Uncategorized\",\"item\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/05\\\/07\\\/tinyproxy-use-after-free-vulnerability-cve-2023-49606\\\/#listItem\",\"name\":\"Tinyproxy use-after-free Vulnerability (CVE-2023-49606)\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/05\\\/07\\\/tinyproxy-use-after-free-vulnerability-cve-2023-49606\\\/#listItem\",\"position\":3,\"name\":\"Tinyproxy use-after-free Vulnerability (CVE-2023-49606)\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/category\\\/uncategorized\\\/#listItem\",\"name\":\"Uncategorized\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#organization\",\"name\":\"Sekuritas IT\",\"description\":\"Creative solutions to unique challenges.\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/\",\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/profile.php?id=100086973577423\"]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/05\\\/07\\\/tinyproxy-use-after-free-vulnerability-cve-2023-49606\\\/#webpage\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/05\\\/07\\\/tinyproxy-use-after-free-vulnerability-cve-2023-49606\\\/\",\"name\":\"Tinyproxy use-after-free Vulnerability (CVE-2023-49606) \\u203a Sekuritas IT\",\"description\":\"What is the vulnerability?A use-after-free vulnerability tagged as CVE-2023-49606 exists in Tinyproxy, a lightweight open-source HTTP proxy daemon. The threat actor may trigger this memory corruption and execute arbitrary code by sending a specially crafted HTTP header that triggers the reuse of previously freed memory. That can lead to remote code execution. As of May\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/2024\\\/05\\\/07\\\/tinyproxy-use-after-free-vulnerability-cve-2023-49606\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/index.php\\\/author\\\/#author\"},\"datePublished\":\"2024-05-07T04:50:28+00:00\",\"dateModified\":\"2024-05-07T04:50:28+00:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#website\",\"url\":\"https:\\\/\\\/sekuritasit.com\\\/\",\"name\":\"Sekuritas IT\",\"alternateName\":\"Sekuritas\",\"description\":\"Creative solutions to unique challenges.\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/sekuritasit.com\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"Tinyproxy use-after-free Vulnerability (CVE-2023-49606) \u203a Sekuritas IT","description":"What is the vulnerability?A use-after-free vulnerability tagged as CVE-2023-49606 exists in Tinyproxy, a lightweight open-source HTTP proxy daemon. The threat actor may trigger this memory corruption and execute arbitrary code by sending a specially crafted HTTP header that triggers the reuse of previously freed memory. That can lead to remote code execution. As of May","canonical_url":"https:\/\/sekuritasit.com\/index.php\/2024\/05\/07\/tinyproxy-use-after-free-vulnerability-cve-2023-49606\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/05\/07\/tinyproxy-use-after-free-vulnerability-cve-2023-49606\/#blogposting","name":"Tinyproxy use-after-free Vulnerability (CVE-2023-49606) \u203a Sekuritas IT","headline":"Tinyproxy use-after-free Vulnerability (CVE-2023-49606)","author":{"@id":"https:\/\/sekuritasit.com\/index.php\/author\/#author"},"publisher":{"@id":"https:\/\/sekuritasit.com\/#organization"},"datePublished":"2024-05-07T04:50:28+00:00","dateModified":"2024-05-07T04:50:28+00:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/sekuritasit.com\/index.php\/2024\/05\/07\/tinyproxy-use-after-free-vulnerability-cve-2023-49606\/#webpage"},"isPartOf":{"@id":"https:\/\/sekuritasit.com\/index.php\/2024\/05\/07\/tinyproxy-use-after-free-vulnerability-cve-2023-49606\/#webpage"},"articleSection":"Uncategorized"},{"@type":"BreadcrumbList","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/05\/07\/tinyproxy-use-after-free-vulnerability-cve-2023-49606\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/sekuritasit.com#listItem","position":1,"name":"Home","item":"https:\/\/sekuritasit.com","nextItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/#listItem","name":"Uncategorized"}},{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/#listItem","position":2,"name":"Uncategorized","item":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/","nextItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/05\/07\/tinyproxy-use-after-free-vulnerability-cve-2023-49606\/#listItem","name":"Tinyproxy use-after-free Vulnerability (CVE-2023-49606)"},"previousItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/05\/07\/tinyproxy-use-after-free-vulnerability-cve-2023-49606\/#listItem","position":3,"name":"Tinyproxy use-after-free Vulnerability (CVE-2023-49606)","previousItem":{"@type":"ListItem","@id":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/#listItem","name":"Uncategorized"}}]},{"@type":"Organization","@id":"https:\/\/sekuritasit.com\/#organization","name":"Sekuritas IT","description":"Creative solutions to unique challenges.","url":"https:\/\/sekuritasit.com\/","sameAs":["https:\/\/www.facebook.com\/profile.php?id=100086973577423"]},{"@type":"WebPage","@id":"https:\/\/sekuritasit.com\/index.php\/2024\/05\/07\/tinyproxy-use-after-free-vulnerability-cve-2023-49606\/#webpage","url":"https:\/\/sekuritasit.com\/index.php\/2024\/05\/07\/tinyproxy-use-after-free-vulnerability-cve-2023-49606\/","name":"Tinyproxy use-after-free Vulnerability (CVE-2023-49606) \u203a Sekuritas IT","description":"What is the vulnerability?A use-after-free vulnerability tagged as CVE-2023-49606 exists in Tinyproxy, a lightweight open-source HTTP proxy daemon. The threat actor may trigger this memory corruption and execute arbitrary code by sending a specially crafted HTTP header that triggers the reuse of previously freed memory. That can lead to remote code execution. As of May","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/sekuritasit.com\/#website"},"breadcrumb":{"@id":"https:\/\/sekuritasit.com\/index.php\/2024\/05\/07\/tinyproxy-use-after-free-vulnerability-cve-2023-49606\/#breadcrumblist"},"author":{"@id":"https:\/\/sekuritasit.com\/index.php\/author\/#author"},"creator":{"@id":"https:\/\/sekuritasit.com\/index.php\/author\/#author"},"datePublished":"2024-05-07T04:50:28+00:00","dateModified":"2024-05-07T04:50:28+00:00"},{"@type":"WebSite","@id":"https:\/\/sekuritasit.com\/#website","url":"https:\/\/sekuritasit.com\/","name":"Sekuritas IT","alternateName":"Sekuritas","description":"Creative solutions to unique challenges.","inLanguage":"en-US","publisher":{"@id":"https:\/\/sekuritasit.com\/#organization"}}]},"og:locale":"en_US","og:site_name":"Sekuritas IT \u203a Creative solutions to unique challenges.","og:type":"article","og:title":"Tinyproxy use-after-free Vulnerability (CVE-2023-49606) \u203a Sekuritas IT","og:description":"What is the vulnerability?A use-after-free vulnerability tagged as CVE-2023-49606 exists in Tinyproxy, a lightweight open-source HTTP proxy daemon. The threat actor may trigger this memory corruption and execute arbitrary code by sending a specially crafted HTTP header that triggers the reuse of previously freed memory. That can lead to remote code execution. As of May","og:url":"https:\/\/sekuritasit.com\/index.php\/2024\/05\/07\/tinyproxy-use-after-free-vulnerability-cve-2023-49606\/","article:published_time":"2024-05-07T04:50:28+00:00","article:modified_time":"2024-05-07T04:50:28+00:00","article:publisher":"https:\/\/www.facebook.com\/profile.php?id=100086973577423","twitter:card":"summary_large_image","twitter:title":"Tinyproxy use-after-free Vulnerability (CVE-2023-49606) \u203a Sekuritas IT","twitter:description":"What is the vulnerability?A use-after-free vulnerability tagged as CVE-2023-49606 exists in Tinyproxy, a lightweight open-source HTTP proxy daemon. The threat actor may trigger this memory corruption and execute arbitrary code by sending a specially crafted HTTP header that triggers the reuse of previously freed memory. That can lead to remote code execution. As of May"},"aioseo_meta_data":{"post_id":"10816","title":null,"description":null,"keywords":null,"keyphrases":null,"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":null,"og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":null,"robots_max_videopreview":null,"robots_max_imagepreview":"large","priority":null,"frequency":null,"local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2024-05-07 05:08:48","updated":"2025-10-15 09:08:30","seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/sekuritasit.com\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/\" title=\"Uncategorized\">Uncategorized<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tTinyproxy use-after-free Vulnerability (CVE-2023-49606)\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/sekuritasit.com"},{"label":"Uncategorized","link":"https:\/\/sekuritasit.com\/index.php\/category\/uncategorized\/"},{"label":"Tinyproxy use-after-free Vulnerability (CVE-2023-49606)","link":"https:\/\/sekuritasit.com\/index.php\/2024\/05\/07\/tinyproxy-use-after-free-vulnerability-cve-2023-49606\/"}],"_links":{"self":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts\/10816","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/comments?post=10816"}],"version-history":[{"count":1,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts\/10816\/revisions"}],"predecessor-version":[{"id":10817,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/posts\/10816\/revisions\/10817"}],"wp:attachment":[{"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/media?parent=10816"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/categories?post=10816"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sekuritasit.com\/index.php\/wp-json\/wp\/v2\/tags?post=10816"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}