Bug 741538 (CVE-2020-25219) - net-libs/libproxy: Uncontrolled recursion leading to DoS (CVE-2020-25219)
Summary: net-libs/libproxy: Uncontrolled recursion leading to DoS (CVE-2020-25219)
Status: CONFIRMED
Alias: CVE-2020-25219
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://github.com/libproxy/libproxy/...
Whiteboard: A3 [upstream/ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-09-10 16:30 UTC by John Helmert III (ajak)
Modified: 2020-09-10 16:30 UTC

See Also:
Package list:
Runtime testing required: ---


Description John Helmert III (ajak) 2020-09-10 16:30:20 UTC
CVE-2020-25219:

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.


Issue: https://github.com/libproxy/libproxy/issues/134
Patch: https://github.com/libproxy/libproxy/commit/836c10b60c65e947ff1e10eb02fbcc676d909ffa
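
Added example (not part of the bug report and not libproxy's source): a model of the failure mode described above, where a line reader that recurses once per received byte is placed beside an iterative reader with a length cap. The function names, the `LineStatus` type, the cap value and the socketpair helper are assumptions made for this illustration.

```cpp
#include <cstddef>
#include <string>
#include <sys/socket.h>
#include <unistd.h>

enum class LineStatus { Ok, Eof, TooLong };

// Model of the recursive shape the CVE text describes (not libproxy's source):
// one stack frame per received byte, so the peer controls recursion depth.
std::string recvline_recursive(int fd) {
    char c = '\0';
    if (recv(fd, &c, 1, 0) != 1 || c == '\n') return "";
    return std::string(1, c) + recvline_recursive(fd);
}

// Iterative reader with a hard length cap: constant stack use, and a stream
// that never sends '\n' ends in TooLong instead of growing without bound.
LineStatus recvline_bounded(int fd, std::string &line, std::size_t max_len) {
    line.clear();
    for (;;) {
        char c = '\0';
        if (recv(fd, &c, 1, 0) != 1) return LineStatus::Eof;  // closed or error
        if (c == '\n') return LineStatus::Ok;
        if (line.size() >= max_len) return LineStatus::TooLong;
        line += c;
    }
}

// Demo helper (hypothetical): plays the server side over a local socketpair
// using a constructed payload, then reads one line with the bounded reader.
LineStatus read_from_peer(const std::string &payload, std::string &line,
                          std::size_t max_len) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return LineStatus::Eof;
    ssize_t sent = send(sv[0], payload.data(), payload.size(), 0);
    close(sv[0]);  // peer closes after sending
    LineStatus st = sent < 0 ? LineStatus::Eof
                             : recvline_bounded(sv[1], line, max_len);
    close(sv[1]);
    return st;
}

int main() {
    std::string line;
    // Constructed input: 4096 bytes with no newline, cap of 64.
    LineStatus st = read_from_peer(std::string(4096, 'A'), line, 64);
    return st == LineStatus::TooLong ? 0 : 1;
}
```

A caller should treat `TooLong` and `Eof` as a failed response and drop the connection rather than retrying the read.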