CyberSec.Space Logo
CVEブラウザに戻る

CVE-2012-5580

HIGH
7.5
CVSS Severity Score
EPSS Score0.1420%
EPSS Percentile10.02th
Published2014年10月27日
Last Modified2026年5月6日

Vulnerability Description

Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment variable or a PAC file.

Affected Platforms (CPE)

📦
Libproxy Project

Libproxy

= 0.3.1

References & Advisories

🔗 http://www.securityfocus.com/bid/56712
🔗 https://bugzilla.novell.com/show_bug.cgi?id=791086
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=883100
🔗 https://code.google.com/p/libproxy/source/detail?r=475
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/80340
🔗 http://www.securityfocus.com/bid/56712
🔗 https://bugzilla.novell.com/show_bug.cgi?id=791086
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=883100

関連する脆弱性情報

CVE-2012-450410.0

Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have a...

CVE-2012-450510.0

Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an...

CVE-2020-261549.8

url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is ...

CVE-2020-252197.5

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a resp...