CVE-2020-25219

The CVE-2020-25219 issue affects libproxy in the 0.4.x line (up to 0.4.15). A remote HTTP PAC server can trigger uncontrolled recursion by sending a response that is an infinite stream without a newline, causing stack exhaustion. Public advisories confirm vulnerable packages include libproxy and ...

CVE-2020-26154

CVE-2020-26154 affects libproxy, with a buffer overflow in url.cpp when PAC is enabled and a large PAC file is delivered without a Content-Length header. Public advisories/records indicate impact could lead to crash or arbitrary code execution. Remediation: upgrade to a fixed libproxy version (e....

CVE-2012-4505

CVE-2012-4505 is a heap-based buffer overflow in libproxy’s PAC handling. The flaw resides in px_pac_reload (lib/pac.c) in libproxy 0.2.x and 0.3.x, exploitable by a crafted Content-Length in an HTTP response header for a proxy.pac request, leading to potential crash or arbitrary behavior. Public...

CVE-2012-4504

CVE-2012-4504 affects libproxy 0.4.x (up to 0.4.8); a stack-based buffer overflow in url::get_pac() when processing a proxy.pac file from a remote server can cause an unspecified impact. Remediation: upgrade to libproxy 0.4.9+ (Gentoo GLSA and related advisories reference 0.4.10 as fixed). Other ...

CVE-2012-5580

CVE-2012-5580 affects libproxy 0.3.1. The vulnerability exists in print_proxies (bin/proxy.c) where a format string flaw in a proxy name allows context-dependent attackers to trigger a crash (and possibly code execution) via format string specifiers. Exploitation scenarios mentioned include the h...