VDB
CVE-2019-25078
CVE-2019-25078
PUBLISHED
A vulnerability classified as problematic was found in pacparser up to 1.3.x. Affected by this vulnerability is the function pacparser_find_proxy of the file src/pacparser.c. The manipulation of the argument url leads to buffer overflow. Attacking locally is a requirement. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is 853e8f45607cb07b877ffd270c63dbcdd5201ad9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215443.
EPSS 0.19% · 40.7th percentile
Risk Scores
EPSS Score
0.19%
40.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | pacparser | 1.3.6-1.2build3, 1.3.6-1.2build2, 1.3.6-1.2ubuntu1 |
| Ubuntu:18.04:LTS | pacparser | 1.3.6-1.1build3, 0 |
| Ubuntu:16.04:LTS | pacparser | 1.3.6-1, 1.3.6-1.1, 1.3.6-1.1build1 |
| Ubuntu:20.04:LTS | pacparser | 1.3.6-1.1build6, 1.3.6-1.1ubuntu1, 1.3.6-1.2 |
Exploit Intelligence
Timeline
- Dec 13, 2022 CVE Published
- Dec 14, 2022 EPSS Score
- Jan 25, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 8, 2023 EPSS Score
- Apr 18, 2023 EPSS Score
- May 30, 2023 EPSS Score
- Jul 11, 2023 EPSS Score
- Aug 22, 2023 EPSS Score
- Oct 3, 2023 EPSS Score
- Nov 14, 2023 EPSS Score
- Dec 25, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-25078 third-party-advisory
- https://github.com/manugarg/pacparser/issues/99 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-25078 third-party-advisory