Advisory ROSA-SA-2026-3149

Software: libproxy 0.4.15 OS: ROSA Virtualization 3.1 unaffected versions = libproxy-0.4.15-5.5.5.rv31 affected versions libproxy-0.4.15-5.5.rv31 CVE-ID: CVE-2020-25219 BDU-ID: 2022-00336 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the url::recvline function of the url.cpp component of the...

libproxy: sending more than 102400 bytes in PAC without a Content-Length present could result in buffer overflow

A vulnerability was found in libproxy, where a buffer overflow can occur if a server serving a PAC file sends more than 102400 bytes without a Content-Length header, this flaw allows an attacker to trigger an overflow of PACHTTPBLOCKSIZE 512 bytes, potentially leading to application crashes or...

The vulnerability of the url.cpp component in the Libproxy configuration management library, due to a lack of mechanism for checking the size of copied data, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the url.cpp component in the Libproxy configuration management library is related to the lack of a mechanism for checking the size of copied data. Exploiting this vulnerability could allow an attacker operating remotely to gain access to confidential data, compromise its...

PT-2020-6589 · Libproxy +5 · Libproxy +5

Name of the Vulnerable Software and Affected Versions: libproxy versions prior to 0.4.16 Description: The issue is related to a buffer overflow in the url.cpp file of libproxy when PAC is enabled. This can be triggered by a large PAC file delivered without a Content-length header, potentially...