Bug 741538 (CVE-2020-25219, CVE-2020-26154) - net-libs/libproxy: Multiple vulnerabilities (CVE-2020-{25219,26154})
Summary: net-libs/libproxy: Multiple vulnerabilities (CVE-2020-{25219,26154})
Status: IN_PROGRESS
Alias: CVE-2020-25219, CVE-2020-26154
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://github.com/libproxy/libproxy/...
Whiteboard: A3 [upstream/ebuild cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-09-10 16:30 UTC by John Helmert III (ajak)
Modified: 2020-11-24 10:36 UTC

See Also:
Package list:
Runtime testing required: ---


Description John Helmert III (ajak) 2020-09-10 16:30:20 UTC
CVE-2020-25219:

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.


Issue: https://github.com/libproxy/libproxy/issues/134
Patch: https://github.com/libproxy/libproxy/commit/836c10b60c65e947ff1e10eb02fbcc676d909ffa
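
The failure mode described for CVE-2020-25219, as an added example that is not libproxy's code and not part of the original report: a simplified model of a per-byte recursive line reader beside a bounded iterative one. `ByteSource`, `kMaxLine` and the helper names are assumptions made for this illustration.

```cpp
#include <cstddef>
#include <functional>
#include <memory>
#include <stdexcept>
#include <string>

// Hypothetical stand-in for recv(fd, &c, 1, 0): stores one byte and
// returns true, or returns false at end of stream.
using ByteSource = std::function<bool(char&)>;

// Pattern from the CVE text: one stack frame per byte received, so a
// peer that never sends '\n' decides how deep the recursion goes.
std::string recvline_recursive(const ByteSource& next) {
    char c = '\0';
    if (!next(c) || c == '\n')
        return "";
    return std::string(1, c) + recvline_recursive(next);
}

// Hardened form: constant stack use, plus a cap (assumed value) so an
// endless line cannot grow the heap without bound either.
constexpr std::size_t kMaxLine = 8192;

std::string recvline_bounded(const ByteSource& next) {
    std::string line;
    char c = '\0';
    while (next(c)) {
        if (c == '\n')
            return line;
        if (line.size() >= kMaxLine)
            throw std::length_error("line exceeds limit");
        line.push_back(c);
    }
    return line;  // stream ended before a newline arrived
}

// Constructed byte sources for the demonstration.
ByteSource from_string(const std::string& data) {
    auto pos = std::make_shared<std::size_t>(0);
    return [data, pos](char& c) {
        if (*pos >= data.size()) return false;
        c = data[(*pos)++];
        return true;
    };
}

ByteSource endless(char fill) {  // never yields '\n', never ends
    return [fill](char& c) { c = fill; return true; };
}
```

Feeding `endless('A')` to `recvline_bounded` ends in a `std::length_error` after `kMaxLine` bytes, while the recursive form would keep adding stack frames for the same input.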
Comment 1 Sam James archtester gentoo-dev Security 2020-09-30 19:28:06 UTC
CVE-2020-26154

url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.

PR (not yet merged): https://github.com/libproxy/libproxy/pull/126
Comment 2 Sam James archtester gentoo-dev Security 2020-11-16 18:51:32 UTC
(In reply to Sam James from comment #1)
> CVE-2020-26154
> 
> url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is
> enabled, as demonstrated by a large PAC file that is delivered without a
> Content-length header.
> 
> PR (not yet merged): https://github.com/libproxy/libproxy/pull/126

Merged: https://github.com/libproxy/libproxy/commit/6d342b50366a048d3d543952e2be271b5742c5f8

Maintainer(s), let's take a snapshot?
Comment 3 Sam James archtester gentoo-dev Security 2020-11-24 10:36:33 UTC
(In reply to Sam James from comment #2)
> (In reply to Sam James from comment #1)
> > CVE-2020-26154
> > 
> > url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is
> > enabled, as demonstrated by a large PAC file that is delivered without a
> > Content-length header.
> > 
> > PR (not yet merged): https://github.com/libproxy/libproxy/pull/126
> 
> Merged:
> https://github.com/libproxy/libproxy/commit/
> 6d342b50366a048d3d543952e2be271b5742c5f8
> 
> Maintainer(s), let's take a snapshot?

Thoughts?