Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0989 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libxml

16 documents9 sources

Severity

10.0CRITICALNVD

EPSS

24.3%

top 3.90%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Xmlsoft Libxml2 Redhat Fedora Core Trustix Secure Linux +3 more

Timeline

PublishedMar 1

Latest updateApr 29

Description

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages6 packages

▶Debianxmlsoft/libxml2< 2.6.11-5+3

▶NVDxmlsoft/libxml29 versions+8

▶NVDxmlsoft/libxml1.8.17

▶NVDredhat/fedora_corecore_2.0

▶NVDtrustix/secure_linux2.0, 2.1+1

Also affects: Ubuntu Linux 4.1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-mpv4-c8cf-72rm: Multiple buffer overflows in libXML 2↗2022-04-29

▶

OSV

CVE-2004-0989: Multiple buffer overflows in libXML 2↗2005-03-01

▶

CVEList

CVE-2004-0989: Multiple buffer overflows in libXML 2↗2004-10-28

▶

💥Exploits & PoCs

Exploit-DB

Libxml2 - Multiple Remote Stack Buffer Overflow Vulnerabilities↗2004-10-26

▶

📋Vendor Advisories

Ubuntu

XML library vulnerabilities↗2005-02-28

▶

Red Hat

libxml2 various overflows↗2004-10-26

▶

Red Hat

security flaw↗2004-01-14

▶

Red Hat

security flaw↗2004-01-04

▶

Debian

CVE-2004-0989: libxml2 - Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly ot...↗2004

▶

💬Community

Bugzilla

CVE-2003-0989 security flaw↗2018-08-16

▶

Bugzilla

CVE-2004-0057 security flaw↗2018-08-16

▶

Bugzilla

CVE-2004-0989 libxml2 various overflows↗2008-01-29

▶

Bugzilla

CAN-2004-0110 multiple buffer overflows (CAN-2004-0989)↗2004-11-12

▶