Vulnerabilities related to libproxy_project - libproxy
cve-2012-5580
Vulnerability from cvelistv5
Published
2014-10-27 22:00
Modified
2024-08-06 21:14
Summary
Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment variable or a PAC file.
References
URL | Tags
---|---
http://www.securityfocus.com/bid/56712 | vdb-entry, x_refsource_BID
https://code.google.com/p/libproxy/source/detail?r=475 | x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/80340 | vdb-entry, x_refsource_XF
https://bugzilla.redhat.com/show_bug.cgi?id=883100 | x_refsource_CONFIRM
https://bugzilla.novell.com/show_bug.cgi?id=791086 | x_refsource_CONFIRM
cve-2012-4505
Vulnerability from cvelistv5
Published
2012-11-11 11:00
Modified
2024-08-06 20:35
Summary
Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request, a different vulnerability than CVE-2012-4504.
References
URL | Tags
---|---
http://lists.opensuse.org/opensuse-updates/2012-10/msg00065.html | vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/51048 | third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2012-1461.html | vendor-advisory, x_refsource_REDHAT
https://groups.google.com/forum/?fromgroups=#%21topic/libproxy/VxZ8No7mT0E | x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-1629-1 | vendor-advisory, x_refsource_UBUNTU
http://www.openwall.com/lists/oss-security/2012/10/12/1 | mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2012/10/12/5 | mailing-list, x_refsource_MLIST
http://www.debian.org/security/2012/dsa-2571 | vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/51180 | third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/51308 | third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/55910 | vdb-entry, x_refsource_BID
http://www.openwall.com/lists/oss-security/2012/10/16/3 | mailing-list, x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=864612 | x_refsource_CONFIRM
cve-2020-25219
Vulnerability from cvelistv5
Published
2020-09-09 20:30
Modified
2024-08-04 15:33
Summary
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.
References
URL | Tags
---|---
https://github.com/libproxy/libproxy/issues/134 | x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2020/09/msg00012.html | mailing-list, x_refsource_MLIST
https://usn.ubuntu.com/4514-1/ | vendor-advisory, x_refsource_UBUNTU
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNID6EZVOVH7EZB7KFU2EON54CFDIVUR/ | vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JF5JSONJNO64ARWRVOS6K6HSIPHEF3H2/ | vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SSVZAAVHBJR3Z4MZNR55QW3OQFAS2STH/ | vendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00030.html | vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00033.html | vendor-advisory, x_refsource_SUSE
https://www.debian.org/security/2020/dsa-4800 | vendor-advisory, x_refsource_DEBIAN
cve-2020-26154
Vulnerability from cvelistv5
Published
2020-09-29 22:02
Modified
2024-08-04 15:49
Summary
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.
References
URL | Tags
---|---
https://github.com/libproxy/libproxy/pull/126 | x_refsource_MISC
https://bugs.debian.org/968366 | x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BID3HVHAF6DA3YJOFDBSAZSMR3ODNIW/ | vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZVZXTFMFTSML3J6OOCDBDYH474BRJSW/ | vendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00030.html | vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00033.html | vendor-advisory, x_refsource_SUSE
https://lists.debian.org/debian-lts-announce/2020/11/msg00024.html | mailing-list, x_refsource_MLIST
https://www.debian.org/security/2020/dsa-4800 | vendor-advisory, x_refsource_DEBIAN
cve-2012-4504
Vulnerability from cvelistv5
Published
2012-11-11 11:00
Modified
2024-08-06 20:35
Summary
Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file.
References
URL | Tags
---|---
http://lists.opensuse.org/opensuse-updates/2012-10/msg00065.html | vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/51048 | third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/55909 | vdb-entry, x_refsource_BID
https://groups.google.com/forum/?fromgroups=#%21topic/libproxy/VxZ8No7mT0E | x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=864417 | x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-1629-1 | vendor-advisory, x_refsource_UBUNTU
http://www.openwall.com/lists/oss-security/2012/10/12/1 | mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2012/10/12/5 | mailing-list, x_refsource_MLIST
http://code.google.com/p/libproxy/source/detail?r=853 | x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/79249 | vdb-entry, x_refsource_XF
http://www.openwall.com/lists/oss-security/2012/10/16/3 | mailing-list, x_refsource_MLIST
Vulnerability from fkie_nvd
Published
2020-09-30 18:15
Modified
2024-11-21 05:19
Summary
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.
References
Impacted products
Vendor | Product | Version |
---|---|---|
libproxy_project | libproxy | * |
fedoraproject | fedora | 32 |
fedoraproject | fedora | 33 |
debian | debian_linux | 9.0 |
debian | debian_linux | 10.0 |
opensuse | leap | 15.1 |
opensuse | leap | 15.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libproxy_project:libproxy:*:*:*:*:*:*:*:*", matchCriteriaId: "86CFDF6C-C62E-4079-B74D-678BCA9D4D38", versionEndIncluding: "0.4.15", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.", }, { lang: "es", value: "El archivo url.cpp en libproxy versiones hasta 0.4.15, es propenso a un desbordamiento del búfer cuando PAC está habilitado, como es demostrado por un archivo PAC grande que es entregado sin un encabezado Content-length", }, ], id: "CVE-2020-26154", lastModified: "2024-11-21T05:19:23.440", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", 
authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-30T18:15:27.163", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00030.html", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00033.html", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugs.debian.org/968366", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/libproxy/libproxy/pull/126", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/11/msg00024.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BID3HVHAF6DA3YJOFDBSAZSMR3ODNIW/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZVZXTFMFTSML3J6OOCDBDYH474BRJSW/", }, { source: 
"cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4800", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00030.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00033.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugs.debian.org/968366", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/libproxy/libproxy/pull/126", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/11/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BID3HVHAF6DA3YJOFDBSAZSMR3ODNIW/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZVZXTFMFTSML3J6OOCDBDYH474BRJSW/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4800", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-11-11 13:00
Modified
2024-11-21 01:43
Summary
Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file.
References
Impacted products
Vendor | Product | Version |
---|---|---|
libproxy_project | libproxy | 0.4.0 |
libproxy_project | libproxy | 0.4.1 |
libproxy_project | libproxy | 0.4.2 |
libproxy_project | libproxy | 0.4.3 |
libproxy_project | libproxy | 0.4.5 |
libproxy_project | libproxy | 0.4.6 |
libproxy_project | libproxy | 0.4.7 |
libproxy_project | libproxy | 0.4.8 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libproxy_project:libproxy:0.4.0:*:*:*:*:*:*:*", matchCriteriaId: "29BC48AD-3361-4767-BA61-95CC01CC1C81", vulnerable: true, }, { criteria: "cpe:2.3:a:libproxy_project:libproxy:0.4.1:*:*:*:*:*:*:*", matchCriteriaId: "C9A25BC3-67BB-4644-85DA-7573473D0C89", vulnerable: true, }, { criteria: "cpe:2.3:a:libproxy_project:libproxy:0.4.2:*:*:*:*:*:*:*", matchCriteriaId: "79D9916E-F4B5-4993-9DC4-132D7DD34C83", vulnerable: true, }, { criteria: "cpe:2.3:a:libproxy_project:libproxy:0.4.3:*:*:*:*:*:*:*", matchCriteriaId: "32D50B2F-6F39-4323-8979-15F7D485A89C", vulnerable: true, }, { criteria: "cpe:2.3:a:libproxy_project:libproxy:0.4.5:*:*:*:*:*:*:*", matchCriteriaId: "ACBA1409-BAF1-47B6-B6F9-BBA03B0C2879", vulnerable: true, }, { criteria: "cpe:2.3:a:libproxy_project:libproxy:0.4.6:*:*:*:*:*:*:*", matchCriteriaId: "4B99F0CB-8FB0-40C5-BC8E-B973E2766E30", vulnerable: true, }, { criteria: "cpe:2.3:a:libproxy_project:libproxy:0.4.7:*:*:*:*:*:*:*", matchCriteriaId: "FC1A5679-3E40-485C-97A8-AE3543E31282", vulnerable: true, }, { criteria: "cpe:2.3:a:libproxy_project:libproxy:0.4.8:*:*:*:*:*:*:*", matchCriteriaId: "E0B5C65E-84B2-48FD-A8FE-44EF0E96BD32", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file.", }, { lang: "es", value: "Desbordamiento de búfer basado en pila en la función url::get_pac en url.cpp en libproxy v0.4.x antes de v0.4.9 permite que los servidores remotos tengan un impacto no especificado a través de un archivo proxy.pac grande.", }, ], id: "CVE-2012-4504", lastModified: "2024-11-21T01:43:01.393", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", 
availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-11-11T13:00:48.790", references: [ { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://code.google.com/p/libproxy/source/detail?r=853", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2012-10/msg00065.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/51048", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/10/12/1", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/10/12/5", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/10/16/3", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/55909", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-1629-1", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=864417", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79249", }, { source: "secalert@redhat.com", url: "https://groups.google.com/forum/?fromgroups=#%21topic/libproxy/VxZ8No7mT0E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://code.google.com/p/libproxy/source/detail?r=853", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2012-10/msg00065.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/51048", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://www.openwall.com/lists/oss-security/2012/10/12/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/10/12/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/10/16/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/55909", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1629-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=864417", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79249", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://groups.google.com/forum/?fromgroups=#%21topic/libproxy/VxZ8No7mT0E", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-09 21:15
Modified
2024-11-21 05:17
Summary
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.
References
Impacted products
Vendor | Product | Version |
---|---|---|
libproxy_project | libproxy | * |
debian | debian_linux | 9.0 |
debian | debian_linux | 10.0 |
fedoraproject | fedora | 31 |
fedoraproject | fedora | 32 |
fedoraproject | fedora | 33 |
opensuse | leap | 15.1 |
opensuse | leap | 15.2 |
canonical | ubuntu_linux | 16.04 |
canonical | ubuntu_linux | 18.04 |
canonical | ubuntu_linux | 20.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libproxy_project:libproxy:*:*:*:*:*:*:*:*", matchCriteriaId: "52AFAA1F-0DF9-41AD-BD7B-0A3B87679898", versionEndIncluding: "0.4.15", versionStartIncluding: "0.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], 
cveTags: [], descriptions: [ { lang: "en", value: "url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.", }, { lang: "es", value: "La función url::recvline en el archivo url.cpp en libproxy versiones 0.4.x hasta 0.4.15, permite a un servidor HTTP remoto activar una recursividad no controlada por medio de una respuesta compuesta por una transmisión infinita que carece de un carácter newline. Esto conlleva al agotamiento de la pila.", }, ], id: "CVE-2020-25219", lastModified: "2024-11-21T05:17:41.407", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-09T21:15:11.117", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00030.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00033.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/libproxy/libproxy/issues/134", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00012.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNID6EZVOVH7EZB7KFU2EON54CFDIVUR/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JF5JSONJNO64ARWRVOS6K6HSIPHEF3H2/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SSVZAAVHBJR3Z4MZNR55QW3OQFAS2STH/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4514-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4800", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00030.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00033.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/libproxy/libproxy/issues/134", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/09/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNID6EZVOVH7EZB7KFU2EON54CFDIVUR/", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JF5JSONJNO64ARWRVOS6K6HSIPHEF3H2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SSVZAAVHBJR3Z4MZNR55QW3OQFAS2STH/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4514-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4800", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-674", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-11-11 13:00
Modified
2024-11-21 01:43
Summary
Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request, a different vulnerability than CVE-2012-4504.
References
Impacted products
Vendor | Product | Version |
---|---|---|
libproxy_project | libproxy | 0.2.3 |
libproxy_project | libproxy | 0.3.0 |
libproxy_project | libproxy | 0.3.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libproxy_project:libproxy:0.2.3:*:*:*:*:*:*:*", matchCriteriaId: "76D9491D-8A35-403F-858E-1D8EFABFFB01", vulnerable: true, }, { criteria: "cpe:2.3:a:libproxy_project:libproxy:0.3.0:*:*:*:*:*:*:*", matchCriteriaId: "4D05FC8E-164F-40A7-A196-48E09C6903DD", vulnerable: true, }, { criteria: "cpe:2.3:a:libproxy_project:libproxy:0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "E3A470FD-BAB3-4A03-89A7-F86FC9F8D339", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request, a different vulnerability than CVE-2012-4504.", }, { lang: "es", value: "Desbordamiento de búfer basado en memoria dinámica en la función px_pac_reload en lib/pac.c en libproxy v0.2.x y v0.3.x permite que los servidores remotos tengan un impacto no especificado a través de un tamaño Content-Length modificado en un encabezado de respuesta HTTP para una solicitud de archivo proxy.pac, una vulnerabilidad diferente a CVE-2012-4504.", }, ], id: "CVE-2012-4505", lastModified: "2024-11-21T01:43:01.513", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-11-11T13:00:49.963", references: [ { source: "secalert@redhat.com", url: 
"http://lists.opensuse.org/opensuse-updates/2012-10/msg00065.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2012-1461.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/51048", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/51180", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/51308", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2012/dsa-2571", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/10/12/1", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/10/12/5", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/10/16/3", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/55910", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-1629-1", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=864612", }, { source: "secalert@redhat.com", url: "https://groups.google.com/forum/?fromgroups=#%21topic/libproxy/VxZ8No7mT0E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2012-10/msg00065.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2012-1461.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/51048", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/51180", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/51308", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2012/dsa-2571", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://www.openwall.com/lists/oss-security/2012/10/12/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/10/12/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/10/16/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/55910", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1629-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=864612", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://groups.google.com/forum/?fromgroups=#%21topic/libproxy/VxZ8No7mT0E", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-10-27 22:55
Modified
2024-11-21 01:44
Summary
Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment variable or a PAC file.
References
Impacted products
Vendor | Product | Version |
---|---|---|
libproxy_project | libproxy | 0.3.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:libproxy_project:libproxy:0.3.1:*:*:*:*:*:*:*", matchCriteriaId: "E3A470FD-BAB3-4A03-89A7-F86FC9F8D339", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment variable or a PAC file.", }, { lang: "es", value: "Una vulnerabilidad de cadena de formato en la función print_proxies en bin/proxy.c en libproxy 0.3.1 podría permitir a atacantes dependientes del contexto causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de especificadores de cadenas de formatos en un nombre de proxy, tal y como fue demostrado mediante el uso de la variable de entorno http_proxy o un fichero PAC.", }, ], id: "CVE-2012-5580", lastModified: "2024-11-21T01:44:55.613", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-10-27T22:55:09.907", references: [ { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/56712", }, { source: "secalert@redhat.com", tags: [ "Exploit", ], url: "https://bugzilla.novell.com/show_bug.cgi?id=791086", }, { source: "secalert@redhat.com", tags: [ "Exploit", ], url: 
"https://bugzilla.redhat.com/show_bug.cgi?id=883100", }, { source: "secalert@redhat.com", url: "https://code.google.com/p/libproxy/source/detail?r=475", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80340", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/56712", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://bugzilla.novell.com/show_bug.cgi?id=791086", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=883100", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://code.google.com/p/libproxy/source/detail?r=475", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80340", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }