Vulnerability CVE-2020-25219: Information

Description

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.

Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Published: Sept. 10, 2020
Modified: Nov. 7, 2023
Error type identifier: CWE-674

References to Advisories, Solutions, and Tools

Hyperlink / Resource

https://github.com/libproxy/libproxy/issues/134
  • Exploit
  • Third Party Advisory
[debian-lts-announce] 20200912 [SECURITY] [DLA 2372-1] libproxy security update
  • Third Party Advisory
USN-4514-1
  • Third Party Advisory
openSUSE-SU-2020:1676
  • Mailing List
  • Third Party Advisory
openSUSE-SU-2020:1680
  • Mailing List
  • Third Party Advisory
DSA-4800
  • Third Party Advisory
FEDORA-2020-2407cb0512
FEDORA-2020-f92d372cf1
FEDORA-2020-7e1e9abf77

Configuration 1

cpe:2.3:a:libproxy_project:libproxy:*:*:*:*:*:*:*:*
Start including 0.4.0
End including 0.4.15

Configuration 2

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 3

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 4

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Configuration 5

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*