Lucene search

Veracode Vulnerability DatabaseVERACODE:11309

HistoryJan 15, 2019 - 9:00 a.m.

Denial Of Service (DoS)

2019-01-1509:00:00

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.014 Low

EPSS

Percentile

86.7%

JSON

libproxy is vulnerable to denial of service. A heap-based buffer overflow in the px_pac_reload function in lib/pac.c when downloading proxy auto-configuration (PAC) files allows a remote attacker to crash the application or possibly execute arbitrary code by hosting a server that serves a malicious PAC file or serving the malicious PAC file in a man-in-the-midle attack.

CPENameOperatorVersion
libproxyeq0.3.0__2.el6

CPE	Name	Operator	Version
	libproxy	eq	0.3.0__2.el6

References

lists.opensuse.org/opensuse-updates/2012-10/msg00065.html

rhn.redhat.com/errata/RHSA-2012-1461.html

secunia.com/advisories/51048

secunia.com/advisories/51180

secunia.com/advisories/51308

www.debian.org/security/2012/dsa-2571

www.openwall.com/lists/oss-security/2012/10/12/1

www.openwall.com/lists/oss-security/2012/10/12/5

www.openwall.com/lists/oss-security/2012/10/16/3

www.securityfocus.com/bid/55910

www.ubuntu.com/usn/USN-1629-1

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=864612

groups.google.com/forum/?fromgroups=#!topic/libproxy/VxZ8No7mT0E