FS#68309 - [security][libproxy] CVE-2020-25219 CVE-2020-26154

Attached to Project: Arch Linux
Opened by loqs (loqs) - Saturday, 17 October 2020, 21:31 GMT
Last edited by Antonio Rojas (arojas) - Sunday, 19 June 2022, 09:34 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Jan de Groot (JGC)
Jan Alexander Steffens (heftig)
Levente Polyak (anthraxx)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
CVE-2020-25219 [1]
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. Fixed by [2]

CVE-2020-26154
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.
Fixed by unmerged pull request [4].

Additional info:
* libproxy 0.4.15+33+g454a499-2
[1] https://nvd.nist.gov/vuln/detail/CVE-2020-25219
[2] https://github.com/libproxy/libproxy/commit/a83dae404feac517695c23ff43ce1e116e2bfbe0
[3] https://nvd.nist.gov/vuln/detail/CVE-2020-26154
[4] https://github.com/libproxy/libproxy/pull/126
This task depends upon

Closed by  Antonio Rojas (arojas)
Sunday, 19 June 2022, 09:34 GMT
Reason for closing:  Fixed
Additional comments about closing:  libproxy 0.4.16-1

Loading...