CVE-2012-4505Improper Restriction of Operations within the Bounds of a Memory Buffer in Project Libproxy

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents8 sources
Severity
10.0CRITICALNVD
EPSS
4.4%
top 11.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Libproxy Project Libproxy
Timeline
PublishedNov 11
Latest updateMay 14

Description

Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request, a different vulnerability than CVE-2012-4504.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

Debianlibproxy_project/libproxy< 0.3.1-5.1+3
NVDlibproxy_project/libproxy0.2.3, 0.3.0, 0.3.1+2

🔴Vulnerability Details

3
GHSA
GHSA-8g7q-m58p-3p6w: Heap-based buffer overflow in the px_pac_reload function in lib/pac2022-05-14
CVEList
CVE-2012-4505: Heap-based buffer overflow in the px_pac_reload function in lib/pac2012-11-11
OSV
CVE-2012-4505: Heap-based buffer overflow in the px_pac_reload function in lib/pac2012-11-11

📋Vendor Advisories

3
Ubuntu
libproxy vulnerabilities2012-11-12
Red Hat
libproxy: PAC handling insufficient content length check leading to buffer overflow2012-10-12
Debian
CVE-2012-4505: libproxy - Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libprox...2012

💬Community

1
Bugzilla
CVE-2012-4505 libproxy: PAC handling insufficient content length check leading to buffer overflow2012-10-09
CVE-2012-4505 — Libproxy Project Libproxy vulnerability | cvebase