10 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.012 Low
EPSS
Percentile
84.9%
Tomas Hoger reports:
A buffer overflow flaw was discovered in the libproxy’s
url::get_pac() used to download proxy.pac proxy auto-configuration
file. A malicious host hosting proxy.pac, or a man in the middle
attacker, could use this flaw to trigger a stack-based buffer
overflow in an application using libproxy, if proxy configuration
instructed it to download proxy.pac file from a remote HTTP
server.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | libproxy | = 0.4.0 | UNKNOWN |
FreeBSD | any | noarch | libproxy | < 0.4.6_1 | UNKNOWN |
FreeBSD | any | noarch | libproxy-gnome | = 0.4.0 | UNKNOWN |
FreeBSD | any | noarch | libproxy-gnome | < 0.4.6_2 | UNKNOWN |
FreeBSD | any | noarch | libproxy-kde | = 0.4.0 | UNKNOWN |
FreeBSD | any | noarch | libproxy-kde | < 0.4.6_6 | UNKNOWN |
FreeBSD | any | noarch | libproxy-perl | = 0.4.0 | UNKNOWN |
FreeBSD | any | noarch | libproxy-perl | < 0.4.6_3 | UNKNOWN |
FreeBSD | any | noarch | libproxy-webkit | = 0.4.0 | UNKNOWN |
FreeBSD | any | noarch | libproxy-webkit | < 0.4.6_4 | UNKNOWN |