INFEA-2024:8852: libproxy security update
Information about definition
Identificator: INFEA-2024:8852
Type: enhancement
Release date: 2025-03-05 15:28:39 UTC
Information about package
The libproxy packages provide a library that handles all the details of proxy configuration. The libproxy library provides a stable external API, dynamic adjustment to changing network topology, and small core footprint. It does not use external dependencies within the libproxy core, however libproxy plug-ins may have dependencies.
Vulnerabilities description
- CVE-2020-26154
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. Bug Fix: * libproxy: sending more than 102400 bytes in PAC without a Content-Length present could result in buffer overflow [rhel-8.10.0].
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2020-26154
|
no information | 7.5 | no information |
Updated packages