#1132498 tinyproxy: CVE-2026-3945

Package:
src:tinyproxy
Source:
src:tinyproxy
Submitter:
Salvatore Bonaccorso
Date:
2026-05-13 02:48:08 UTC
Severity:
normal
Date:
2026-04-01 18:43:41 UTC
Hi,

The following vulnerability was published for tinyproxy.

CVE-2026-3945[0]:
| An integer overflow vulnerability in the HTTP chunked transfer
| encoding parser in tinyproxy up to and including version 1.11.3
| allows an unauthenticated remote attacker to cause a denial of
| service (DoS). The issue occurs because chunk size values are parsed
| using strtol() without properly validating overflow conditions
| (e.g., errno == ERANGE). A crafted chunk size such as
| 0x7fffffffffffffff (LONG_MAX) bypasses the existing validation check
| (chunklen < 0), leading to a signed integer overflow during
| arithmetic operations (chunklen + 2). This results in incorrect size
| calculations, causing the proxy to attempt reading an extremely
| large amount of request-body data and holding worker connections
| open indefinitely. An attacker can exploit this behavior to exhaust
| all available worker slots, preventing new connections from being
| accepted and causing complete service unavailability. Upstream
| addressed this issue in commit bb7edc4; however, the latest stable
| release (1.11.3) remains affected at the time of publication.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-3945
https://www.cve.org/CVERecord?id=CVE-2026-3945
[1] https://github.com/tinyproxy/tinyproxy/issues/602
[2] https://github.com/tinyproxy/tinyproxy/pull/603

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
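As an added illustration of the missing check the advisory describes (this is not tinyproxy's code and not the upstream fix in bb7edc4), below is a chunk-size parser that rejects the inputs the description names: a value that clamps to LONG_MAX, a value that sets ERANGE, and anything outside the RFC 9112 `1*HEXDIG` grammar. The MAX_CHUNK_SIZE cap is an assumed policy value.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* Upper bound accepted for a single chunk.  Chosen with headroom so that
 * chunklen + 2 (the trailing CRLF) can never overflow.  The exact value is
 * a deployment policy and is an assumption here. */
#define MAX_CHUNK_SIZE (LONG_MAX / 2)

/* Parse the chunk-size field of an HTTP/1.1 chunk header line
 * (chunk-size [ ";" chunk-ext ] CRLF).  Returns the size, or -1 on any
 * malformed or out-of-range input, so the caller can close the connection
 * instead of trying to read an absurd amount of body data. */
long parse_chunk_size(const char *line)
{
    static const char hexdigits[] = "0123456789abcdefABCDEF";
    size_t ndigits = strspn(line, hexdigits);
    char *end;
    long chunklen;

    /* RFC 9112: chunk-size = 1*HEXDIG.  No sign, no leading whitespace,
     * no "0x" prefix; strtol() would silently accept all three. */
    if (ndigits == 0)
        return -1;

    errno = 0;
    chunklen = strtol(line, &end, 16);

    /* The check the advisory says was missing: strtol() clamps to
     * LONG_MAX/LONG_MIN and reports ERANGE instead of failing outright. */
    if (errno == ERANGE)
        return -1;

    /* strtol() must have consumed exactly the hex digits validated above. */
    if (end != line + ndigits)
        return -1;

    /* Only a chunk extension or the line terminator may follow. */
    if (*end != ';' && *end != '\r' && *end != '\n' && *end != '\0')
        return -1;

    /* chunklen < 0 alone is not enough: LONG_MAX passes it and then
     * chunklen + 2 overflows.  Bound the value explicitly. */
    if (chunklen < 0 || chunklen > MAX_CHUNK_SIZE)
        return -1;

    return chunklen;
}
```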