CVE-2020-26154

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions libproxy versions prior to 0.4.16

Description The issue is related to a buffer overflow in the url.cpp file of libproxy when PAC is enabled. This can be triggered by a large PAC file delivered without a Content-length header, potentially allowing a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations For versions prior to 0.4.16, update to version 0.4.16 or later to resolve the issue. As a temporary workaround, consider disabling PAC when using libproxy until a patch is available. Restrict access to the url.cpp component to minimize the risk of exploitation.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

ALT-PU-2020-3261

ALT-PU-2020-3293

ALT-PU-2021-1069

ALT-PU-2021-2148

AZL-7271

BDU:2022-00328

CVE-2020-26154

DLA-2450-1

DSA-4800-1

INFEA-2024_8852

MGASA-2020-0399

OPENSUSE-SU-2020:1676-1

OPENSUSE-SU-2020:1680-1

OPENSUSE-SU-2020_1676-1

OPENSUSE-SU-2020_1680-1

OPENSUSE-SU-2024:10973-1

RHSA-2024:6205

SUSE-SU-2020:2900-1

SUSE-SU-2020:2901-1

USN-4673-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Suse

Ubuntu

Libproxy

CVE-2020-26154

Weakness Enumeration

Related Identifiers

Affected Products

References · 46