CVE-2020-25219

HIGH

7.5

CVSS Severity Score

EPSS Score0.1730%

EPSS Percentile13.49th

PublishedSep 9, 2020

Last ModifiedNov 21, 2024

Vulnerability Description

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.

Affected Platforms (CPE)

📦

Libproxy Project

Libproxy

>= 0.4.0 and <= 0.4.15

💻

Debian

Debian Linux

= 9.0

💻

Debian

Debian Linux

= 10.0

💻

Fedoraproject

Fedora

= 31

💻

Fedoraproject

Fedora

= 32

💻

Fedoraproject

Fedora

= 33

💻

Opensuse

Leap

= 15.1

💻

Opensuse

Leap

= 15.2

💻

Canonical

Ubuntu Linux

= 16.04

💻

Canonical

Ubuntu Linux

= 18.04

💻

Canonical

Ubuntu Linux

= 20.04

References & Advisories

🔗 http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00030.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00033.html

🔗 https://github.com/libproxy/libproxy/issues/134

🔗 https://lists.debian.org/debian-lts-announce/2020/09/msg00012.html

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNID6EZVOVH7EZB7KFU2EON54CFDIVUR/

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JF5JSONJNO64ARWRVOS6K6HSIPHEF3H2/

🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SSVZAAVHBJR3Z4MZNR55QW3OQFAS2STH/

🔗 https://usn.ubuntu.com/4514-1/

Vulnerability Description

Affected Platforms (CPE)

Libproxy

Debian Linux

Debian Linux

Fedora

Fedora

Fedora

Leap

Leap

Ubuntu Linux

Ubuntu Linux

Ubuntu Linux

References & Advisories

Related Vulnerabilities