{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-3945/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["tinyproxy","denial-of-service","integer-overflow","cve-2026-3945"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eTinyproxy, a lightweight HTTP/HTTPS proxy daemon, is vulnerable to an integer overflow in its chunked transfer encoding parser. This vulnerability, identified as CVE-2026-3945, affects versions up to and including 1.11.3. A remote, unauthenticated attacker can exploit this flaw by sending a specially crafted HTTP request containing an invalid chunk size value, such as 0x7fffffffffffffff. The \u003ccode\u003estrtol()\u003c/code\u003e function is used to parse chunk sizes but fails to properly validate overflow conditions, specifically the \u003ccode\u003eERANGE\u003c/code\u003e error. This bypasses a check designed to prevent negative chunk lengths (\u003ccode\u003echunklen \u0026lt; 0\u003c/code\u003e). The subsequent signed integer overflow during arithmetic operations leads to the proxy attempting to read an excessively large amount of data, exhausting resources and preventing new connections, effectively causing a denial-of-service condition. Although the upstream has addressed the issue in commit bb7edc4, the latest stable release (1.11.3) remains vulnerable.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker sends an HTTP request to the Tinyproxy server.\u003c/li\u003e\n\u003cli\u003eThe HTTP request uses chunked transfer encoding.\u003c/li\u003e\n\u003cli\u003eThe attacker includes a crafted chunk size value, such as 0x7fffffffffffffff (LONG_MAX), within the request headers.\u003c/li\u003e\n\u003cli\u003eThe Tinyproxy server parses the chunk size using \u003ccode\u003estrtol()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003estrtol()\u003c/code\u003e function does not adequately validate the integer overflow (errno == ERANGE).\u003c/li\u003e\n\u003cli\u003eThe crafted chunk size bypasses the initial validation check (\u003ccode\u003echunklen \u0026lt; 0\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eA signed integer overflow occurs during arithmetic operations (\u003ccode\u003echunklen + 2\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe proxy attempts to read an extremely large amount of request-body data, exhausting available worker slots and preventing new connections, causing a denial of service (DoS).\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-3945 leads to a denial-of-service condition. The vulnerable Tinyproxy instance becomes unresponsive as it exhausts its available worker slots. This prevents legitimate users from accessing services proxied by the affected server. The impact is significant as it can completely disrupt services reliant on the proxy, affecting all users until the service is manually restarted or patched. The severity is high due to the ease of exploitation (unauthenticated remote attacker) and the potential for widespread service disruption.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Tinyproxy to a version patched against CVE-2026-3945 (commit bb7edc4 or later). If an upgrade is not immediately feasible, consider implementing a web application firewall (WAF) rule to filter requests with excessively large chunk sizes to mitigate the vulnerability.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspiciously Large HTTP Chunk Size\u003c/code\u003e to identify requests with abnormally large chunk sizes within HTTP traffic, indicating potential exploitation attempts of CVE-2026-3945.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for HTTP requests with chunk sizes exceeding a reasonable threshold. Analyze the request patterns to identify potential malicious actors attempting to exploit this vulnerability using the \u003ccode\u003ewebserver\u003c/code\u003e log source.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-30T08:16:17Z","date_published":"2026-03-30T08:16:17Z","id":"/briefs/2026-03-tinyproxy-dos/","summary":"An integer overflow vulnerability in Tinyproxy's HTTP chunked transfer encoding parser (versions \u003c= 1.11.3) allows an unauthenticated remote attacker to cause a denial of service by sending a crafted chunk size that bypasses validation, leading to resource exhaustion.","title":"Tinyproxy HTTP Chunked Encoding Integer Overflow Denial of Service","url":"https://feed.craftedsignal.io/briefs/2026-03-tinyproxy-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-3945","version":"https://jsonfeed.org/version/1.1"}