6.5

CVE-2009-2416

Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XmlsoftLibxml Version1.8.17
XmlsoftLibxml2 Version2.5.10
XmlsoftLibxml2 Version2.6.16
XmlsoftLibxml2 Version2.6.26
XmlsoftLibxml2 Version2.6.27
XmlsoftLibxml2 Version2.6.32
FedoraprojectFedora Version10
FedoraprojectFedora Version11
DebianDebian Linux Version4.0
RedhatEnterprise Linux Version3.0
RedhatEnterprise Linux Version4.0
RedhatEnterprise Linux Version5.0
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version8.04 SwEdition-
CanonicalUbuntu Linux Version8.10
CanonicalUbuntu Linux Version9.04
GoogleChrome Version < 2.0.172.43
AppleSafari Version < 4.0.4
AppleiPhone OS Version >= 2.0 < 4.0
ApplemacOS X Version < 10.4.11
ApplemacOS X Version >= 10.5.0 < 10.5.8
ApplemacOS X Version >= 10.6.0 < 10.6.2
ApplemacOS X Server Version < 10.4.11
ApplemacOS X Server Version >= 10.5.0 < 10.5.8
ApplemacOS X Server Version >= 10.6.0 < 10.6.2
OpensuseOpensuse Version >= 10.3 <= 11.1
SuseLinux Enterprise Version10.0 Update-
SuseLinux Enterprise Version11.0 Update-
VMwarevCenter Server Version4.0 Update-
VMwareVma Version4.0
VMwareEsx Version3.0.3
VMwareEsx Version3.5
VMwareEsx Version4.0
VMwareESXi Version3.5
VMwareESXi Version4.0
SunOpenoffice.Org Version >= 2.0.0 < 2.4.3
SunOpenoffice.Org Version >= 3.0.0 < 3.1.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.79% 0.756
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

http://secunia.com/advisories/37471
Broken Link
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
Third Party Advisory
http://www.vupen.com/english/advisories/2009/3316
Broken Link
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
Mailing List
http://support.apple.com/kb/HT3937
Third Party Advisory
http://www.vupen.com/english/advisories/2009/3184
Broken Link
http://www.ubuntu.com/usn/USN-815-1
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
Mailing List
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
Mailing List
http://support.apple.com/kb/HT4225
Third Party Advisory
http://www.cert.fi/en/reports/2009/vulnerability2009085.html
Broken Link
http://www.codenomicon.com/labs/xml/
Broken Link
http://www.networkworld.com/columnists/2009/080509-xml-flaw.html
Broken Link
http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html
Release Notes
http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html
Mailing List
http://secunia.com/advisories/35036
Broken Link
http://secunia.com/advisories/36207
Broken Link
http://secunia.com/advisories/36338
Broken Link
http://secunia.com/advisories/36417
Broken Link
http://secunia.com/advisories/36631
Broken Link
http://secunia.com/advisories/37346
Broken Link
http://support.apple.com/kb/HT3949
Third Party Advisory
http://www.debian.org/security/2009/dsa-1859
Patch
Mailing List
http://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg678527.html
Patch
http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html
Third Party Advisory
http://www.securityfocus.com/bid/36010
Third Party Advisory
Broken Link
VDB Entry
http://www.vupen.com/english/advisories/2009/2420
Broken Link
http://www.vupen.com/english/advisories/2009/3217
Broken Link
https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59
Patch
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html
Mailing List
https://bugzilla.redhat.com/show_bug.cgi?id=515205
Patch
Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7783
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9262
Broken Link