CVE-2012-4505

Name of the Vulnerable Software and Affected Versions libproxy versions 0.2.x through 0.3.x libproxy-kde version 0.3.0 libproxy-mozjs version 0.3.0 libproxy-python version 0.3.0 libproxy-gnome version 0.3.0 libproxy-webkit version 0.3.0 libproxy-debuginfo version 0.3.0 libproxy-bin version 0.3.0 libproxy-devel version 0.3.0

Description The issue is related to a heap-based buffer overflow in the px pac reload function in lib/pac.c, which allows remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request. This can lead to a disruption of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be done remotely.

Recommendations For libproxy versions 0.2.x through 0.3.x, consider disabling the px pac reload function as a temporary workaround until a patch is available. For libproxy-kde version 0.3.0, restrict access to the vulnerable module to minimize the risk of exploitation. For libproxy-mozjs version 0.3.0, avoid using the Content-Length parameter in the affected HTTP response header until the issue is resolved. For libproxy-python version 0.3.0, consider disabling the px pac reload function as a temporary workaround until a patch is available. For libproxy-gnome version 0.3.0, restrict access to the vulnerable module to minimize the risk of exploitation. For libproxy-webkit version 0.3.0, avoid using the Content-Length parameter in the affected HTTP response header until the issue is resolved. For libproxy-debuginfo version 0.3.0, consider disabling the px pac reload function as a temporary workaround until a patch is available. For libproxy-bin version 0.3.0, restrict access to the vulnerable module to minimize the risk of exploitation. For libproxy-devel version 0.3.0, avoid using the Content-Length parameter in the affected HTTP response header until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.