CVE-2012-4504: Improper Restriction of Operations within the Bounds of a Memory Buffer in Project Libproxy

Severity
10.0 CRITICAL (NVD)
EPSS
5.6%
top 9.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 11
Latest update: May 14

Description

Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (1 package)

NVD: libproxy_project/libproxy (8 versions, +7)

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-c5fx-qjrf-p783: Stack-based buffer overflow in the url::get_pac function in url (2022-05-14)
CVEList
CVE-2012-4504: Stack-based buffer overflow in the url::get_pac function in url (2012-11-11)

📋 Vendor Advisories (4)

Ubuntu
libproxy vulnerabilities (2012-11-12)
Red Hat
libproxy: PAC handling insufficient content length check leading to buffer overflow (2012-10-12)
Red Hat
libproxy: long proxy.pac file handling buffer overflow (2012-10-10)
Debian
CVE-2012-4504: libproxy - Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy ... (2012)

💬 Community (2)

Bugzilla
CVE-2012-4504 libproxy: long proxy.pac file handling buffer overflow [fedora-all] (2012-10-16)
Bugzilla
CVE-2012-4504 libproxy: long proxy.pac file handling buffer overflow (2012-10-09)
CVE-2012-4504 — Libproxy Project Libproxy vulnerability | cvebase