VYPR

rpm package

opensuse/libproxy&distro=openSUSE Leap 15.2

pkg:rpm/opensuse/libproxy&distro=openSUSE%20Leap%2015.2

Vulnerabilities (2)

  • CVE-2020-26154CriSep 30, 2020
    affected < 0.4.15-lp152.5.3.1fixed 0.4.15-lp152.5.3.1

    url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.

  • CVE-2020-25219HigSep 9, 2020
    affected < 0.4.15-lp152.5.3.1fixed 0.4.15-lp152.5.3.1

    url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.