Fluid Attacks Database

Description

url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	libproxy	>=0 <0.4.15-15	0.4.15-15
debian 12	libproxy	>=0 <0.4.15-15	0.4.15-15
debian 13	libproxy	>=0 <0.4.15-15	0.4.15-15
debian 14	libproxy	>=0 <0.4.15-15	0.4.15-15
rpm rhel8.8	libproxy	<0:0.4.15-5.4.el8_8	0:0.4.15-5.4.el8_8
rpm rhel8	libproxy	<0:0.4.15-5.5.el8_10	0:0.4.15-5.5.el8_10

Aliases

1. CVE-2020-261542. NVD-2020-261543. OSV-DEBIAN-2020-261544. OSV-2020-261545. SECURITY-TRACKER-CVE-2020-26154

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.