7.5

CVE-2009-0585

Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Joe ShawLibsoup Version2.1
Joe ShawLibsoup Version2.23.1
Joe ShawLibsoup Version2.23.6
Joe ShawLibsoup Version2.23.91
Joe ShawLibsoup Version2.23.92
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.02% 0.893
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://secunia.com/advisories/35065
http://openwall.com/lists/oss-security/2009/03/12/2
Patch
http://www.ocert.org/advisories/ocert-2008-015.html
http://www.securityfocus.com/archive/1/501712/100/0/threaded
http://www.securityfocus.com/bid/34100
Patch
http://ocert.org/patches/2008-015/libsoup-CVE-2009-0585.diff
Patch
http://secunia.com/advisories/34310
http://secunia.com/advisories/34337
http://secunia.com/advisories/34401
http://support.avaya.com/elmodocs2/security/ASA-2009-088.htm
http://www.debian.org/security/2009/dsa-1748
http://www.mandriva.com/security/advisories?name=MDVSA-2009:081
http://www.redhat.com/support/errata/RHSA-2009-0344.html
http://www.ubuntu.com/usn/USN-737-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/49273
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9599