CVE-2012-5580

Published: Oct 27, 2014Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment variable or a PAC file.

Affected (1)

Products: Libproxy Project: Libproxy

Libproxy Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libproxy Project Libproxy	Version 0.3.1

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (10)

http://www.securityfocus.com/bid/56712

Source: secalert@redhat.com

https://bugzilla.novell.com/show_bug.cgi?id=791086

Source: secalert@redhat.com

Exploit

https://bugzilla.redhat.com/show_bug.cgi?id=883100

Source: secalert@redhat.com

Exploit

https://code.google.com/p/libproxy/source/detail?r=475

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/80340

Source: secalert@redhat.com

http://www.securityfocus.com/bid/56712

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.novell.com/show_bug.cgi?id=791086

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://bugzilla.redhat.com/show_bug.cgi?id=883100

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://code.google.com/p/libproxy/source/detail?r=475

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/80340

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.