{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-11-24T00:00:00", "descriptions": [{"lang": "en", "value": "Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment variable or a PAC file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "56712", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/56712"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/p/libproxy/source/detail?r=475"}, {"name": "libproxy-printproxies-format-string(80340)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80340"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883100"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=791086"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-5580", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment variable or a PAC file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "56712", "refsource": "BID", "url": "http://www.securityfocus.com/bid/56712"}, {"name": "https://code.google.com/p/libproxy/source/detail?r=475", "refsource": "CONFIRM", "url": "https://code.google.com/p/libproxy/source/detail?r=475"}, {"name": "libproxy-printproxies-format-string(80340)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80340"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=883100", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883100"}, {"name": "https://bugzilla.novell.com/show_bug.cgi?id=791086", "refsource": "CONFIRM", "url": "https://bugzilla.novell.com/show_bug.cgi?id=791086"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:14:15.617Z"}, "title": "CVE Program Container", "references": [{"name": "56712", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/56712"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.google.com/p/libproxy/source/detail?r=475"}, {"name": "libproxy-printproxies-format-string(80340)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80340"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883100"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=791086"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5580", "datePublished": "2014-10-27T22:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:14:15.617Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libproxy_project:libproxy:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E3A470FD-BAB3-4A03-89A7-F86FC9F8D339", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment variable or a PAC file."}, {"lang": "es", "value": "Una vulnerabilidad de cadena de formato en la funci\u00f3n print_proxies en bin/proxy.c en libproxy 0.3.1 podr\u00eda permitir a atacantes dependientes del contexto causar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de especificadores de cadenas de formatos en un nombre de proxy, tal y como fue demostrado mediante el uso de la variable de entorno http_proxy o un fichero PAC."}], "id": "CVE-2012-5580", "lastModified": "2017-08-29T01:32:42.887", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-10-27T22:55:09.907", "references": [{"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/56712"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=791086"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883100"}, {"source": "secalert@redhat.com", "url": "https://code.google.com/p/libproxy/source/detail?r=475"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80340"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "libproxy: format string flaw in bin/proxy", "id": "883100", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883100"}, "csaw": false, "cvss": {"cvss_base_score": "2.1", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "status": "draft"}, "details": ["Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment variable or a PAC file."], "name": "CVE-2012-5580", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "libproxy", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2012-11-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-5580\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-5580"], "statement": "The Red Hat Security Response Team has rated this issue as having low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low", "upstream_fix": "libproxy 0.4.0"}