rpm package
opensuse/libproxy&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/libproxy&distro=openSUSE%20Tumbleweed
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-26154 | Cri | 9.8 | < 0.4.17-2.2 | 0.4.17-2.2 | Sep 30, 2020 | url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. | |
| CVE-2020-25219 | Hig | 7.5 | < 0.4.17-2.2 | 0.4.17-2.2 | Sep 9, 2020 | url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. | |
| CVE-2012-4504 | — | < 0.4.13-7.1 | 0.4.13-7.1 | Nov 11, 2012 | Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file. |
- affected < 0.4.17-2.2fixed 0.4.17-2.2
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.
- affected < 0.4.17-2.2fixed 0.4.17-2.2
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.
- CVE-2012-4504Nov 11, 2012affected < 0.4.13-7.1fixed 0.4.13-7.1
Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file.