CVE-2019-25078

EUVD-2022-0190
A vulnerability classified as problematic was found in pacparser up to 1.3.x. Affected by this vulnerability is the function pacparser_find_proxy of the file src/pacparser.c. The manipulation of the argument url leads to buffer overflow. Attacking locally is a requirement. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is 853e8f45607cb07b877ffd270c63dbcdd5201ad9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215443.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
5.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
Affected Products (NVD)
VendorProductVersion
pacparser_projectpacparser
𝑥
< 1.4.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pacparser
bookworm
1.3.6-1.4
fixed
bullseye
no-dsa
buster
no-dsa
sid
1.4.5-4
fixed
trixie
1.4.5-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pacparser
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
not-affected
noble
not-affected
trusty
ignored
xenial
needs-triage
Common Weakness Enumeration
References
https://github.com/manugarg/pacparser/commit/853e8f45607cb07b877ffd270c63dbcdd5201ad9
https://github.com/manugarg/pacparser/issues/99
https://github.com/manugarg/pacparser/releases/tag/v1.4.0
https://vuldb.com/?id.215443
https://github.com/manugarg/pacparser/commit/853e8f45607cb07b877ffd270c63dbcdd5201ad9
https://github.com/manugarg/pacparser/issues/99
https://github.com/manugarg/pacparser/releases/tag/v1.4.0
https://vuldb.com/?id.215443