CVE-2020-25219
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion...
CVE-2020-25219
The CVE-2020-25219 issue affects libproxy in the 0.4.x line (up to 0.4.15). A remote HTTP PAC server can trigger uncontrolled recursion by sending a response that is an infinite stream without a newline, causing stack exhaustion. Public advisories confirm vulnerable packages include libproxy and ...
PT-2020-6589 · Libproxy +5
Name of the Vulnerable Software and Affected Versions: libproxy versions prior to 0.4.16. Description: The issue is related to a buffer overflow in the url.cpp file of libproxy when PAC is enabled. This can be triggered by a large PAC file delivered without a Content-length header, potentially...
[SECURITY] Fedora 31 Update: glib-networking-2.62.4-1.fc31
This package contains modules that extend the networking support in GIO. In particular, it contains libproxy- and GSettings-based GProxyResolver implementations and a gnutls-based GTlsConnection implementation...
[SECURITY] Fedora 30 Update: glib-networking-2.60.1-2.fc30
This package contains modules that extend the networking support in GIO. In particular, it contains libproxy- and GSettings-based GProxyResolver implementations and a gnutls-based GTlsConnection implementation...
Denial Of Service (DoS)
libproxy is vulnerable to denial of service. A heap-based buffer overflow in the px_pac_reload function in lib/pac.c when downloading proxy auto-configuration (PAC) files allows a remote attacker to crash the application or possibly execute arbitrary code by hosting a server that serves a malicious P...
[SECURITY] Fedora 24 Update: glib-networking-2.48.1-1.fc24
This package contains modules that extend the networking support in GIO. In particular, it contains libproxy- and GSettings-based GProxyResolver implementations and a gnutls-based GTlsConnection implementation...
FreeBSD : libproxy -- stack-based buffer overflow (3b5c2362-bd07-11e5-b7ef-5453ed2e2b49)
Tomas Hoger reports: A buffer overflow flaw was discovered in the libproxy's url::getpac used to download proxy.pac proxy auto-configuration file. A malicious host hosting proxy.pac, or a man in the middle attacker, could use this flaw to trigger a stack-based buffer overflow in an application...
Oracle: Security Advisory (ELSA-2013-0271)
The remote host is missing an update for the...
Oracle: Security Advisory (ELSA-2012-1461)
The remote host is missing an update for the...
Gentoo Security Advisory GLSA 201404-02
Gentoo Linux Local Security Checks GLSA 201404-02...
Amazon Linux: Security Advisory (ALAS-2012-140)
The remote host is missing an update for the...
Oracle Solaris Third-Party Patch Update : libproxy (multiple_buffer_errors_vulnerability_in1)
The remote Solaris system is missing necessary patches to address security updates: Stack-based buffer overflow in the url::getpac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file (CVE-2012-4504). Heap-based buffe...
DEBIAN-CVE-2012-5580
Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment...
CVE-2012-5580
Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment...
Format string
Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment...