Vulnerability Description
A vulnerability classified as problematic was found in pacparser up to 1.3.x. Affected by this vulnerability is the function pacparser_find_proxy of the file src/pacparser.c. The manipulation of the argument url leads to buffer overflow. Attacking locally is a requirement. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is 853e8f45607cb07b877ffd270c63dbcdd5201ad9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215443.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pacparser Project | Pacparser | < 1.4.0 |
Related Weaknesses (CWE)
References
- https://github.com/manugarg/pacparser/commit/853e8f45607cb07b877ffd270c63dbcdd52Patch
- https://github.com/manugarg/pacparser/issues/99ExploitIssue TrackingThird Party Advisory
- https://github.com/manugarg/pacparser/releases/tag/v1.4.0Release Notes
- https://vuldb.com/?id.215443Permissions RequiredThird Party Advisory
- https://github.com/manugarg/pacparser/commit/853e8f45607cb07b877ffd270c63dbcdd52Patch
- https://github.com/manugarg/pacparser/issues/99ExploitIssue TrackingThird Party Advisory
- https://github.com/manugarg/pacparser/releases/tag/v1.4.0Release Notes
- https://vuldb.com/?id.215443Permissions RequiredThird Party Advisory
FAQ
What is CVE-2019-25078?
CVE-2019-25078 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability classified as problematic was found in pacparser up to 1.3.x. Affected by this vulnerability is the function pacparser_find_proxy of the file src/pacparser.c. The manipulation of the a...
How severe is CVE-2019-25078?
CVE-2019-25078 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-25078?
Check the references section above for vendor advisories and patch information. Affected products include: Pacparser Project Pacparser.