You are here

CVE-2004-0989

Vincent (CVE) Danen's picture
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

Details Source

Mitre

Public Date

2004-10-26 00:00:00

Impact

Moderate

Bugzilla

CVE-2004-0989 libxml2 various overflows

Bugzilla ID

430 645

CVSS Status

draft

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 3 (libxml2) RHSA-2004:615 2004-11-12
Red Hat Enterprise Linux 3 (libxml) RHSA-2004:650 2004-12-16
Red Hat Enterprise Linux 2.1 (libxml2) RHSA-2004:615 2004-11-12
Red Hat Enterprise Linux 2.1 (libxml) RHSA-2004:650 2004-12-16