url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25219
Reference (s):
- DEBIAN:DSA-4800
- URL: https://www.debian.org/security/2020/dsa-4800
- FEDORA:FEDORA-2020-2407cb0512
- URL: https://lists.fedoraproject.org/archives/list/[email protected]/message/CNID6EZVOVH7EZB7KFU2EON54CFDIVUR/
- FEDORA:FEDORA-2020-7e1e9abf77