Fluid Attacks Database

Description

Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request, a different vulnerability than CVE-2012-4504.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	libproxy	>=0 <0.3.1-5.1	0.3.1-5.1
debian 13	libproxy	>=0 <0.3.1-5.1	0.3.1-5.1
debian 11	libproxy	>=0 <0.3.1-5.1	0.3.1-5.1
rpm rhel6	libproxy	<0:0.3.0-3.el6_3	0:0.3.0-3.el6_3
debian 12	libproxy	>=0 <0.3.1-5.1	0.3.1-5.1

Aliases

1. CVE-2012-45052. NVD-2012-45053. OSV-DEBIAN-2012-45054. OSV-2012-45055. SECURITY-TRACKER-CVE-2012-4505

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.