CVE-2019-25078

pacparser pacparser.c pacparser_find_proxy buffer overflow

CVSS 5.3 MEDIUMEPSS 0.4%CWE-119

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.3EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

13 dez 2022Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A vulnerability classified as problematic was found in pacparser up to 1.3.x. Affected by this vulnerability is the function pacparser_find_proxy of the file src/pacparser.c. The manipulation of the argument url leads to buffer overflow. Attacking locally is a requirement. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is 853e8f45607cb07b877ffd270c63dbcdd5201ad9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215443.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Produtos afetados

unspecified · pacparser

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/manugarg/pacparser/commit/853e8f45607cb07b877ffd270c63dbcdd5201ad9 https://github.com/manugarg/pacparser/issues/99 https://github.com/manugarg/pacparser/releases/tag/v1.4.0 https://vuldb.com/?id.215443