url::recvline in url.cpp in libproxy is vulnerable to denial of service (DoS). It allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.
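The bug class described above, as an added example that is not libproxy's own code: a line reader that recurses once per byte, next to a loop-based reader with a length cap. `ByteSource`, `recvline_recursive`, `recvline_bounded`, the two input helpers and the 4096-byte cap are hypothetical names and values chosen for illustration.

```cpp
#include <cstddef>
#include <functional>
#include <iostream>
#include <string>

// Hypothetical stand-in for a socket read: next byte, or -1 at end of stream.
using ByteSource = std::function<int()>;

// Model of the flaw: every byte seen before '\n' adds a stack frame, so the
// peer decides how deep the recursion goes. max_depth records the deepest frame.
std::string recvline_recursive(const ByteSource& next, size_t depth, size_t& max_depth) {
    if (depth > max_depth) max_depth = depth;
    int c = next();
    if (c < 0 || c == '\n') return std::string();
    return std::string(1, static_cast<char>(c)) +
           recvline_recursive(next, depth + 1, max_depth);
}

// Hardened form: constant stack use and a cap on line length. Returns false
// when the cap is reached before a newline, so the caller can drop the
// connection instead of reading forever.
bool recvline_bounded(const ByteSource& next, std::string& line, size_t max_len) {
    line.clear();
    for (;;) {
        int c = next();
        if (c < 0 || c == '\n') return true;   // end of stream or end of line
        if (line.size() >= max_len) return false;
        line.push_back(static_cast<char>(c));
    }
}

// Constructed inputs: a finite buffer, and an endless stream with no newline.
ByteSource from_string(const std::string& data) {
    size_t pos = 0;
    return [data, pos]() mutable -> int {
        return pos < data.size() ? static_cast<unsigned char>(data[pos++]) : -1;
    };
}
ByteSource endless_no_newline() { return []() -> int { return 'A'; }; }

int main() {
    size_t depth = 0;
    std::string line = recvline_recursive(from_string("HTTP/1.1 200 OK\nrest"), 1, depth);
    std::cout << "recursive: " << line.size() << " bytes, " << depth << " frames\n";
    bool ok = recvline_bounded(endless_no_newline(), line, 4096);
    std::cout << "bounded on endless stream: " << (ok ? "accepted" : "rejected") << "\n";
    return 0;
}
```

The recursive reader is only called on the finite input here; on the endless stream its depth would grow until the stack is exhausted.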
CPE | Name | Operator | Version |
---|---|---|---|
libproxy:3.12 | | eq | 0.4.15-r6 |
libproxy:edge | | eq | 0.4.15-r6 |
libproxy:edge | | eq | 0.4.15-r5 |
lists.opensuse.org/opensuse-security-announce/2020-10/msg00030.html
lists.opensuse.org/opensuse-security-announce/2020-10/msg00033.html
github.com/libproxy/libproxy/issues/134
lists.debian.org/debian-lts-announce/2020/09/msg00012.html
lists.fedoraproject.org/archives/list/[email protected]/message/CNID6EZVOVH7EZB7KFU2EON54CFDIVUR/
lists.fedoraproject.org/archives/list/[email protected]/message/JF5JSONJNO64ARWRVOS6K6HSIPHEF3H2/
lists.fedoraproject.org/archives/list/[email protected]/message/SSVZAAVHBJR3Z4MZNR55QW3OQFAS2STH/
usn.ubuntu.com/4514-1/
www.debian.org/security/2020/dsa-4800