Remote Code Execution Vulnerability in libXML Versions 2.6.12 and 2.6.13
CVE-2004-0989

Currently unrated

Key Information:

Vendor: Xmlsoft

CVE Published: 1 March 2005

What is CVE-2004-0989?

Multiple buffer overflow vulnerabilities exist in libXML versions 2.6.12 and 2.6.13 that could allow remote attackers to execute arbitrary code. They can be exploited through specially crafted FTP and proxy URLs that the xmlNanoFTPScanURL and xmlNanoFTPScanProxy functions do not handle properly. Other functions, including xmlNanoFTPConnect and xmlNanoHTTPConnectHost, may also overflow when DNS length values are manipulated. Applications relying on these libXML versions may be affected.

EPSS Score

28% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
