10

CVE-2004-0989

Exploit

EPSS 28.23%
Published 01.03.2005 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

Affected products Warnungen 0 Metrics 2 CWE 0 References 25

Data is provided by the National Vulnerability Database (NVD)

Xmlsoft ≫ Libxml Version1.8.17

Xmlsoft ≫ Libxml2 Version2.5.11

Xmlsoft ≫ Libxml2 Version2.6.6

Xmlsoft ≫ Libxml2 Version2.6.7

Xmlsoft ≫ Libxml2 Version2.6.8

Xmlsoft ≫ Libxml2 Version2.6.9

Xmlsoft ≫ Libxml2 Version2.6.11

Xmlsoft ≫ Libxml2 Version2.6.12

Xmlsoft ≫ Libxml2 Version2.6.13

Xmlsoft ≫ Libxml2 Version2.6.14

Xmlstarlet ≫ Command Line Xml Toolkit Version0.9.1

Redhat ≫ Fedora Core Versioncore_2.0

Trustix ≫ Secure Linux Version2.0

Trustix ≫ Secure Linux Version2.1

Ubuntu ≫ Ubuntu Linux Version4.1 Editionia64

Ubuntu ≫ Ubuntu Linux Version4.1 Editionppc

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	28.23%	0.963

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

http://www.novell.com/linux/security/advisories/2005_01_sr.html

http://www.redhat.com/support/errata/RHSA-2004-650.html

http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890

http://marc.info/?l=bugtraq&m=109880813013482&w=2

http://secunia.com/advisories/13000

http://securitytracker.com/id?1011941

http://www.ciac.org/ciac/bulletins/p-029.shtml

http://www.debian.org/security/2004/dsa-582

http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml

http://www.osvdb.org/11179

http://www.osvdb.org/11180

http://www.osvdb.org/11324

http://www.redhat.com/support/errata/RHSA-2004-615.html

http://www.securityfocus.com/bid/11526

Patch

Vendor Advisory

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/17870

https://exchange.xforce.ibmcloud.com/vulnerabilities/17872

https://exchange.xforce.ibmcloud.com/vulnerabilities/17875

https://exchange.xforce.ibmcloud.com/vulnerabilities/17876

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173

https://www.ubuntu.com/usn/usn-89-1/

https://nvd.nist.gov/vuln/detail/CVE-2004-0989

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-0989

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-0989

EUVD