CVE-2012-5580

Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment variable or a PAC file.

Published: Oct 27, 2014
Updated: Apr 13, 2023
CVE: CVE-2012-5580
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
libproxy_project / libproxy	0.3.1	0.3.1.x

http://www.securityfocus.com/bid/56712
https://bugzilla.novell.com/show_bug.cgi?id=791086
https://bugzilla.redhat.com/show_bug.cgi?id=883100
https://code.google.com/p/libproxy/source/detail?r=475
https://exchange.xforce.ibmcloud.com/vulnerabilities/80340

Vulnerability Database

289,697

CVE-2012-5580