rpm package
suse/libproxy&distro=SUSE Linux Enterprise Module for Basesystem 15 SP1
pkg:rpm/suse/libproxy&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-26154 | Cri | 9.8 | < 0.4.15-4.3.1 | 0.4.15-4.3.1 | Sep 30, 2020 | url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. | |
| CVE-2020-25219 | Hig | 7.5 | < 0.4.15-4.3.1 | 0.4.15-4.3.1 | Sep 9, 2020 | url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. |
- affected < 0.4.15-4.3.1fixed 0.4.15-4.3.1
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.
- affected < 0.4.15-4.3.1fixed 0.4.15-4.3.1
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.