参照: Official suse advisory, NVD, CVE.org · CVE 詳細
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2022-40468 severity important: SUSE including 2 source package names (tinyproxy-1.11.1-2.1, tinyproxy-1.11.2-bp155.3.3.1), 3 product×package rows across 3 product lines (SUSE Package Hub 15 SP5, openSUSE Leap 15.5, openSUSE Tumbleweed): Fixed 3.
Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function.