Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-2jn3-wa2w-73de
Vulnerability ID VCID-2jn3-wa2w-73de
Aliases CVE-2019-25078
PYSEC-2022-43062
Summary A vulnerability classified as problematic was found in pacparser up to 1.3.x. Affected by this vulnerability is the function pacparser_find_proxy of the file src/pacparser.c. The manipulation of the argument url leads to buffer overflow. Attacking locally is a requirement. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is 853e8f45607cb07b877ffd270c63dbcdd5201ad9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215443.
Status Published
Exploitability 0.5
Weighted Severity 7.0
Risk 3.5
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.0019 https://api.first.org/data/v1/epss?cve=CVE-2019-25078
epss 0.0019 https://api.first.org/data/v1/epss?cve=CVE-2019-25078
epss 0.0019 https://api.first.org/data/v1/epss?cve=CVE-2019-25078
cvssv3.1 7.8 https://github.com/manugarg/pacparser/commit/853e8f45607cb07b877ffd270c63dbcdd5201ad9
cvssv3.1 7.8 https://github.com/manugarg/pacparser/issues/99
cvssv3.1 7.8 https://github.com/manugarg/pacparser/releases/tag/v1.4.0
cvssv3.1 7.8 https://vuldb.com/?id.215443
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2019-25078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25078
https://github.com/manugarg/pacparser/commit/853e8f45607cb07b877ffd270c63dbcdd5201ad9
https://github.com/manugarg/pacparser/issues/99
https://github.com/manugarg/pacparser/releases/tag/v1.4.0
https://vuldb.com/?id.215443
1026106 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026106
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/manugarg/pacparser/commit/853e8f45607cb07b877ffd270c63dbcdd5201ad9
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/manugarg/pacparser/issues/99
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/manugarg/pacparser/releases/tag/v1.4.0
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://vuldb.com/?id.215443
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.40751
EPSS Score 0.0019
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:27:30.333498+00:00 Debian Oval Importer Import https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.6.0