3 results (0.077 seconds)

CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0

CVE-2020-26154 – libproxy: sending more than 102400 bytes in PAC without a Content-Length present could result in buffer overflow

https://notcve.org/view.php?id=CVE-2020-26154

29 Sep 2020 — url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. El archivo url.cpp en libproxy versiones hasta 0.4.15, es propenso a un desbordamiento del búfer cuando PAC está habilitado, como es demostrado por un archivo PAC grande que es entregado sin un encabezado Content-length Two vulnerabilities were discovered in libproxy, an automatic proxy configuration management library, which could resul... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00030.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •

CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 1

CVE-2020-25219 – libproxy: uncontrolled recursion via an infinite stream response leading to stack exhaustion

https://notcve.org/view.php?id=CVE-2020-25219

09 Sep 2020 — url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. La función url::recvline en el archivo url.cpp en libproxy versiones 0.4.x hasta 0.4.15, permite a un servidor HTTP remoto activar una recursividad no controlada por medio de una respuesta compuesta por una transmisión infinita que carece de un carácter newline. Esto conlleva ... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00030.html • CWE-674: Uncontrolled Recursion •

CVSS: 10.0EPSS: 5%CPEs: 8EXPL: 0

CVE-2012-4504 – Gentoo Linux Security Advisory 201404-02

https://notcve.org/view.php?id=CVE-2012-4504

11 Nov 2012 — Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file. Desbordamiento de búfer basado en pila en la función url::get_pac en url.cpp en libproxy v0.4.x antes de v0.4.9 permite que los servidores remotos tengan un impacto no especificado a través de un archivo proxy.pac grande. A buffer overflow in libproxy might allow remote attackers to execute arbitrary code. Versions less than 0.4.10... • http://code.google.com/p/libproxy/source/detail?r=853 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •