Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2012-4505

Published: 11/11/2012 Updated: 07/11/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Libproxy

Vulnerability Summary

Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request, a different vulnerability than CVE-2012-4504.

Vulnerable Product Search on Vulmon Subscribe to Product

libproxy project libproxy 0.2.3

libproxy project libproxy 0.3.1

libproxy project libproxy 0.3.0

Vendor Advisories

Red Hat: Moderate: libproxy security update
Synopsis Moderate: libproxy security update Type/Severity Security Advisory: Moderate Topic Updated libproxy packages that fix one security issue are now available forRed Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having moderatesecurity impact A Common Vulnerability ...
Debian CVElist Bug Report Logs: libproxy: PAC handling insufficient content length check leading to buffer overflow
Debian Bug report logs - #690376 libproxy: PAC handling insufficient content length check leading to buffer overflow Package: libproxy; Maintainer for libproxy is Debian GNOME Maintainers <pkg-gnome-maintainers@listsaliothdebianorg>; Reported by: "Thijs Kinkhorst" <thijs@debianorg> Date: Sat, 13 Oct 2012 13:21:02 ...
Ubuntu Security Notice: libproxy vulnerabilities
libproxy could be made to crash or run programs if it received specially crafted network traffic ...
Debian Security Advisories: DSA-2571-1 libproxy -- buffer overflow
The Red Hat Security Response Team discovered that libproxy, a library for automatic proxy configuration management, applied insufficient validation to the Content-Length header sent by a server providing a proxypac file Such remote server could trigger an integer overflow and consequently overflow an in-memory buffer For the stable distribution ...
Amazon Linux AMI: ALAS-2012-140
A buffer overflow flaw was found in the way libproxy handled the downloading of proxy auto-configuration (PAC) files A malicious server hosting a PAC file or a man-in-the-middle attacker could use this flaw to cause an application using libproxy to crash or, possibly, execute arbitrary code, if the proxy settings obtained by libproxy (from the env ...

References

CWE-119http://secunia.com/advisories/51048http://secunia.com/advisories/51180http://www.openwall.com/lists/oss-security/2012/10/12/1http://www.debian.org/security/2012/dsa-2571http://www.openwall.com/lists/oss-security/2012/10/12/5http://www.openwall.com/lists/oss-security/2012/10/16/3http://www.securityfocus.com/bid/55910https://bugzilla.redhat.com/show_bug.cgi?id=864612http://lists.opensuse.org/opensuse-updates/2012-10/msg00065.htmlhttp://www.ubuntu.com/usn/USN-1629-1http://rhn.redhat.com/errata/RHSA-2012-1461.htmlhttp://secunia.com/advisories/51308https://groups.google.com/forum/?fromgroups=#%21topic/libproxy/VxZ8No7mT0Ehttps://access.redhat.com/errata/RHSA-2012:1461https://usn.ubuntu.com/1629-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644unprivilegedCVE-2024-3494CVE-2024-22460CVE-2024-26026CVE-2024-23473firewallCVE-2024-28889XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook