Skip to main content

Libproxy

5 CVEs product

Monthly

CVE-2020-26154 CRITICAL Act Now

url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Libproxy Fedora Debian Linux Leap
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2020-25219 HIGH POC This Week

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libproxy Debian Linux Fedora Leap +1
NVD GitHub
CVSS 3.1
7.5
EPSS
4.3%
CVE-2012-5580 HIGH POC This Week

Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Denial Of Service Code Injection Libproxy
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2012-4505 CRITICAL Act Now

Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Libproxy
NVD
CVSS 2.0
10.0
EPSS
4.4%
CVE-2012-4504 CRITICAL PATCH Act Now

Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Libproxy
NVD
CVSS 2.0
10.0
EPSS
5.6%
EPSS 4% CVSS 9.8
CRITICAL Act Now

url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Libproxy Fedora +2
NVD GitHub
EPSS 4% CVSS 7.5
HIGH POC This Week

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libproxy Debian Linux +3
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Denial Of Service Code Injection +1
NVD
EPSS 4% CVSS 10.0
CRITICAL Act Now

Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Libproxy
NVD
EPSS 6% CVSS 10.0
CRITICAL PATCH Act Now

Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Libproxy
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy