CVE-2012-4504
Published: 12 October 2012
Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file.
Notes
Author | Note |
---|---|
jdstrand | only 0.4 affected |
Priority
Status
Package | Release | Status |
---|---|---|
libproxy Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Not vulnerable
|
|
natty |
Not vulnerable
|
|
oneiric |
Not vulnerable
(0.3.1-2ubuntu6)
|
|
precise |
Released
(0.4.7-0ubuntu4.1)
|
|
quantal |
Released
(0.4.7-0ubuntu6)
|
|
upstream |
Released
(0.4.9)
|
|
Patches: other: http://code.google.com/p/libproxy/source/detail?r=853 |
||
This vulnerability is mitigated in part by the use of gcc's stack protector in Ubuntu. |