Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0110

11 documents8 sources
Severity
7.5HIGH
EPSS
41.3%
top 2.60%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
SGI PropackXmlsoft LibxmlXmlsoft Libxml2
Timeline
PublishedMar 15
Latest updateApr 29

Description

Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

NVDxmlsoft/libxml211 versions+10
Debianlibxml2< 2.6.6-1+3
NVDxmlsoft/libxml1.8.17
NVDsgi/propack2.3, 2.4+1

Patches

Patch: rhn.redhat.comPatch: www.securityfocus.comPatch: rhn.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-rvch-8g97-9qch: Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 22022-04-29
OSV
CVE-2004-0110: Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 22004-03-15
CVEList
CVE-2004-0110: Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 22004-03-04

💥Exploits & PoCs

1
Exploit-DB
libxml 2.6.12 nanoftp - Local Buffer Overflow2004-10-26

📋Vendor Advisories

2
Red Hat
libxml2 long URL causes SEGV2004-02-12
Debian
CVE-2004-0110: libxml2 - Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (...2004

💬Community

2
Bugzilla
CVE-2004-0110 libxml2 long URL causes SEGV2008-01-29
Bugzilla
CAN-2004-0110 multiple buffer overflows (CAN-2004-0989)2004-11-12
CVE-2004-0110 (HIGH CVSS 7.5) | Buffer overflow in the (1) nanohttp | cvebase.io