Fluid Attacks Database

Description

Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment variable or a PAC file.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	libproxy	>=0 <0.3.1-4	0.3.1-4
debian 11	libproxy	>=0 <0.3.1-4	0.3.1-4
debian 13	libproxy	>=0 <0.3.1-4	0.3.1-4
debian 12	libproxy	>=0 <0.3.1-4	0.3.1-4
rpm rhel6	libproxy	-	-

Aliases

1. CVE-2012-55802. NVD-2012-55803. OSV-DEBIAN-2012-55804. OSV-2012-55805. SECURITY-TRACKER-CVE-2012-5580

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.