Buffer Overflow

Affecting libproxy package, versions <0.4.14-2+deb9u2

Report new vulnerabilities
Do your applications use this vulnerable package? Test your applications

Overview

Affected versions of this package are vulnerable to Buffer Overflow url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.

Remediation

Upgrade libproxy to version or higher.

References

CVSS Score

9.8
high severity
  • Attack Vector
    Network
  • Attack Complexity
    Low
  • Privileges Required
    None
  • User Interaction
    None
  • Scope
    Unchanged
  • Confidentiality
    High
  • Integrity
    High
  • Availability
    High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE
CVE-2020-26154
CWE
CWE-120
Snyk ID
SNYK-DEBIAN9-LIBPROXY-1014539
Disclosed
30 Sep, 2020
Published
30 Sep, 2020