vulnerability
Red Hat: CVE-2020-26154: libproxy: sending more than 102400 bytes in PAC without a Content-Length present could result in buffer overflow (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Sep 30, 2020 | Sep 13, 2024 | Aug 11, 2025 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Sep 30, 2020
Added
Sep 13, 2024
Modified
Aug 11, 2025
Description
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.
Solutions
redhat-upgrade-libproxyredhat-upgrade-libproxy-binredhat-upgrade-libproxy-bin-debuginforedhat-upgrade-libproxy-debuginforedhat-upgrade-libproxy-debugsourceredhat-upgrade-libproxy-develredhat-upgrade-libproxy-gnomeredhat-upgrade-libproxy-gnome-debuginforedhat-upgrade-libproxy-networkmanagerredhat-upgrade-libproxy-networkmanager-debuginforedhat-upgrade-libproxy-webkitgtk4redhat-upgrade-libproxy-webkitgtk4-debuginforedhat-upgrade-python3-libproxy
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.