4.3

CVE-2009-2414

Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XmlsoftLibxml Version1.8.17
XmlsoftLibxml2 Version2.5.10
XmlsoftLibxml2 Version2.6.16
XmlsoftLibxml2 Version2.6.26
XmlsoftLibxml2 Version2.6.27
XmlsoftLibxml2 Version2.6.32
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.12% 0.861
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/37471
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/3316
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
http://support.apple.com/kb/HT3937
http://www.vupen.com/english/advisories/2009/3184
http://www.ubuntu.com/usn/USN-815-1
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
http://support.apple.com/kb/HT4225
http://www.cert.fi/en/reports/2009/vulnerability2009085.html
http://www.codenomicon.com/labs/xml/
http://www.networkworld.com/columnists/2009/080509-xml-flaw.html
http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html
http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html
http://secunia.com/advisories/35036
http://secunia.com/advisories/36207
http://secunia.com/advisories/36338
http://secunia.com/advisories/36417
http://secunia.com/advisories/36631
http://secunia.com/advisories/37346
http://support.apple.com/kb/HT3949
http://www.debian.org/security/2009/dsa-1859
Patch
http://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg678527.html
http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html
http://www.securityfocus.com/bid/36010
http://www.vupen.com/english/advisories/2009/2420
http://www.vupen.com/english/advisories/2009/3217
https://bugzilla.redhat.com/show_bug.cgi?id=515195
https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10129
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8639
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html