PYSEC-2022-43062

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/pacparser/PYSEC-2022-43062.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2022-43062

Aliases

CVE-2019-25078

Published

2022-12-13T18:15:00Z

Modified

2023-11-07T21:41:59.403595Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability classified as problematic was found in pacparser up to 1.3.x. Affected by this vulnerability is the function pacparserfindproxy of the file src/pacparser.c. The manipulation of the argument url leads to buffer overflow. Attacking locally is a requirement. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is 853e8f45607cb07b877ffd270c63dbcdd5201ad9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215443.

References

Affected packages

PyPI / pacparser

Package

Name: pacparser; View open source insights on deps.dev
Purl: pkg:pypi/pacparser

Affected ranges

Type: GIT
Repo: https://github.com/manugarg/pacparser
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

853e8f45607cb07b877ffd270c63dbcdd5201ad9

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.0

Affected versions

1.*

1.3.7rc1

1.3.7rc5

1.3.7rc6

1.3.7

1.3.8.dev15

1.3.8.dev18

1.3.8.dev39

1.3.9.dev7

1.3.9.dev8

1.3.9

1.4.0.dev1

1.4.0.dev3