Array Index Error in libc Implementations Affecting Multiple Operating Systems and Software
CVE-2009-0689

Currently unrated

Key Information:

Vendor

FreeBSD

Status
FreeBSD
Firefox
Seamonkey
Netbsd
Vendor
CVE Published:
1 July 2009

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC🟣 EPSS 41%

What is CVE-2009-0689?

The vulnerability in the libc implementations arises from an array index error in the dtoa functions found in both dtoa.c and gdtoa/misc.c files. This issue impacts various operating systems including FreeBSD, NetBSD, and OpenBSD, along with several software applications such as Mozilla Firefox, K-Meleon, and SeaMonkey. It allows context-dependent attackers to exploit the printf function by supplying a large precision value, potentially leading to a denial of service by causing an application crash. Additionally, this exploitation may enable arbitrary code execution through incorrect memory allocation and subsequent heap-based buffer overflow during the conversion to floating-point numbers.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

str2hax
Created by Fullmetal5

References

http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gd...
x_refsource_CONFIRM
http://secunia.com/secunia_research/2009-35/
x_refsource_MISC
https://bugzilla.mozilla.org/show_bug.cgi?id=516862
x_refsource_CONFIRM

EPSS Score

41% chance of being exploited in the next 30 days.

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.