PT-2020-6592 · Libproxy+5
Mcatanzaro · Published 2020-09-07 · Updated 2024-06-15 · CVE-2020-25219
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
libproxy versions 0.4.x through 0.4.15
Description
The issue is related to the url::recvline function in the url.cpp component of the libproxy library, which incorrectly handles the absence of a newline character. This can lead to uncontrolled recursion when a remote HTTP server sends a response composed of an infinite stream lacking a newline character, resulting in stack exhaustion. The vulnerability can be exploited by a remote attacker to cause a denial of service.
Recommendations
For libproxy versions 0.4.x through 0.4.15, consider disabling the url::recvline function in the url.cpp component as a temporary workaround to prevent exploitation until a patch is available. Restrict access to the url.cpp component to minimize the risk of exploitation. Avoid using the url::recvline function in the affected libproxy versions until the issue is resolved.
Exploit
Fix
Uncontrolled Recursion
Memory Corruption
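The weakness named in the Description, shown as an added illustration that is not libproxy's source or its upstream patch: a line reader that recurses once per received byte, next to an iterative reader with a length cap. The `ByteSource` callback (a stand-in for a one-byte socket read), the helper names and the 8192-byte cap are assumptions made for this example.

```cpp
#include <cstddef>
#include <functional>
#include <iostream>
#include <string>

// Hypothetical stand-in for a one-byte socket read: yields the next byte,
// or -1 once the peer closes the connection or an error occurs.
using ByteSource = std::function<int()>;

// Recursive shape described in the advisory: one stack frame per byte,
// so a peer that never sends '\n' decides how deep the recursion goes.
std::string recvline_recursive(const ByteSource& next) {
    int c = next();
    if (c < 0 || c == '\n') return "";
    return std::string(1, static_cast<char>(c)) + recvline_recursive(next);
}

// Bounded iterative form: constant stack use and a hard length cap.
// Returns false when the cap is exceeded so the caller can drop the peer.
bool recvline_bounded(const ByteSource& next, std::size_t max_len, std::string& line) {
    line.clear();
    for (;;) {
        int c = next();
        if (c < 0 || c == '\n') return true;  // end of line or end of stream
        if (line.size() >= max_len) return false;
        line.push_back(static_cast<char>(c));
    }
}

// Constructed sample input: serves `data`, then reports end of stream.
ByteSource from_string(const std::string& data) {
    std::size_t pos = 0;
    return [data, pos]() mutable -> int {
        return pos < data.size() ? static_cast<unsigned char>(data[pos++]) : -1;
    };
}

// Constructed sample input: a peer streaming 'A' forever, never a newline.
ByteSource endless() { return []() -> int { return 'A'; }; }

int main() {
    std::string line;
    bool ok = recvline_bounded(from_string("HTTP/1.1 200 OK\nX: y\n"), 8192, line);
    std::cout << ok << " [" << line << "]\n";
    std::cout << recvline_bounded(endless(), 8192, line) << "\n";  // cap (assumed value) is hit
    // recvline_recursive(endless()) would recurse until the stack is exhausted.
    return 0;
}
```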
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Suse
Ubuntu
Libproxy