CVE-2012-5580
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment variable or a PAC file.
Una vulnerabilidad de cadena de formato en la función print_proxies en bin/proxy.c en libproxy 0.3.1 podría permitir a atacantes dependientes del contexto causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de especificadores de cadenas de formatos en un nombre de proxy, tal y como fue demostrado mediante el uso de la variable de entorno http_proxy o un fichero PAC.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-10-24 CVE Reserved
- 2014-10-27 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2024-10-25 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/56712 | Vdb Entry | |
https://code.google.com/p/libproxy/source/detail?r=475 | X_refsource_confirm | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/80340 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://bugzilla.novell.com/show_bug.cgi?id=791086 | 2024-08-06 | |
https://bugzilla.redhat.com/show_bug.cgi?id=883100 | 2024-08-06 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Libproxy Project Search vendor "Libproxy Project" | Libproxy Search vendor "Libproxy Project" for product "Libproxy" | 0.3.1 Search vendor "Libproxy Project" for product "Libproxy" and version "0.3.1" | - |
Affected
|