Remote Code Execution Vulnerability in libXML Versions 2.6.12 and 2.6.13
CVE-2004-0989

Currently unrated

Key Information:

Vendor

Xmlsoft

Status
Libxml2
Command Line Xml Toolkit
Libxml
Vendor
CVE Published:
1 March 2005

What is CVE-2004-0989?

Multiple buffer overflow vulnerabilities exist in libXML versions 2.6.12 and 2.6.13 that could allow remote attackers to execute arbitrary code. These vulnerabilities can be exploited through specially crafted FTP and proxy URLs that the xmlNanoFTPScanURL and xmlNanoFTPScanProxy functions do not handle properly. Other functions, including xmlNanoFTPConnect, xmlNanoHTTPConnectHost, and xmlNanoHTTPConnectHost, may also contribute to these overflows when DNS length values are manipulated. These issues could potentially lead to significant security breaches in applications relying on these libXML versions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://lists.apple.com/archives/security-announce/2005/Ja...
vendor-advisoryx_refsource_APPLE
http://marc.info/?l=bugtraq&m=109880813013482&w=2
mailing-listx_refsource_BUGTRAQ
http://www.ciac.org/ciac/bulletins/p-029.shtml
third-party-advisorygovernment-resourcex_refsource_CIAC

EPSS Score

36% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.