CVE-2006-0019
published 2006-01-20CVE-2006-0019: Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers…
PriorityP339high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
6.00%
92.4th percentile
Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
| kde | kde | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-pmg9-q8pq-2g6h: Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3
ghsa_unreviewed·2022-05-03
CVE-2006-0019 [HIGH] GHSA-pmg9-q8pq-2g6h: Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3
Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI.
Ubuntu
KDE library vulnerability
vendor_ubuntu·2006-01-20
CVE-2006-0019 KDE library vulnerability
Title: KDE library vulnerability
Summary: KDE library vulnerability
Maksim Orlovich discovered that kjs, the Javascript interpreter engine
used by Konqueror and other parts of KDE, did not sufficiently verify
the validity of UTF-8 encoded URIs. Specially crafted URIs could
trigger a buffer overflow. By tricking an user into visiting a
web site with malicious JavaScript code, a remote attacker could
exploit this to execute arbitrary code with user privileges.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
security flaw
vendor_redhat·2006-01-19·CVSS 7.5
CVE-2006-0019 [HIGH] security flaw
security flaw
Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2006-0019 security flaw
bugzilla·2018-08-16·CVSS 7.5
CVE-2006-0019 [HIGH] CVE-2006-0019 security flaw
CVE-2006-0019 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI.
Bugzilla
Multiple KDE package tracker for multiple vulnerabilities
bugzilla·2006-02-03·CVSS 7.5
CVE-2006-0019 [HIGH] Multiple KDE package tracker for multiple vulnerabilities
Multiple KDE package tracker for multiple vulnerabilities
This bug ticket is being created to be a package tracker for multiple
security bugs identified in KDE from a list in Attachment 123541 for Fedora
Legacy-maintained distros. Please add bugs to the "depends on" list as new
packages are identified which need patching from the Febr. 2005 last set of
Legacy packages up through CVE-2006-0019.
Thanks.
Discussion:
Bug 178606 is for the kdelibs package.
---
Created attachment 124082
Partially filled-out spreadsheet for vulnerabilities vs. distros
Attached is a spreadsheet I have partly completed in discerning which KDE
packages and which distros are affected by which vulnerability from the list
in attachment 123541.
---
Created attachment 124098
Completed spreadsheet - KDE vulnerabi
Bugzilla
kdelibs multiple vulnerabilities (CAN-2005-0396, CAN-2005-0237, CAN-2005-0365, CAN-2005-1046, CAN-2005-1920, CVE-2006-0019)
bugzilla·2006-01-22·CVSS 7.5
CVE-2006-0019 [HIGH] kdelibs multiple vulnerabilities (CAN-2005-0396, CAN-2005-0237, CAN-2005-0365, CAN-2005-1046, CAN-2005-1920, CVE-2006-0019)
kdelibs multiple vulnerabilities (CAN-2005-0396, CAN-2005-0237, CAN-2005-0365, CAN-2005-1046, CAN-2005-1920, CVE-2006-0019)
+++ This bug was initially created as a clone of Bug #177618 +++
The KDE security team reported:
A heap overflow flaw was discovered affecting kjs, the Javascript
interpreter engine used by Konqueror and other parts of KDE. An attacker
who is able to execute javascript code could trigger this flaw potentially
leading to arbitrary code execution. The Common Vulnerabilities and
Exposures project assigned the name CAN-2006-0019 to this issue.
This issue does not affect RHEL2.1 or RHEL3
Embargoed until January 19th 2006
-- Additional comment from [email protected] on 2006-01-19 12:47 EST --
An advisory has been issued which should help the problem
described in th
Bugzilla
CVE-2006-0019 kjs encodeuri/decodeuri heap overflow vulnerability
bugzilla·2006-01-12·CVSS 7.5
CVE-2006-0019 [HIGH] CVE-2006-0019 kjs encodeuri/decodeuri heap overflow vulnerability
CVE-2006-0019 kjs encodeuri/decodeuri heap overflow vulnerability
The KDE security team reported:
A heap overflow flaw was discovered affecting kjs, the Javascript
interpreter engine used by Konqueror and other parts of KDE. An attacker
who is able to execute javascript code could trigger this flaw potentially
leading to arbitrary code execution. The Common Vulnerabilities and
Exposures project assigned the name CAN-2006-0019 to this issue.
This issue does not affect RHEL2.1 or RHEL3
Embargoed until January 19th 2006
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link belo
ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.3-kdelibs-kjs.diffhttp://secunia.com/advisories/18500http://secunia.com/advisories/18540http://secunia.com/advisories/18552http://secunia.com/advisories/18559http://secunia.com/advisories/18561http://secunia.com/advisories/18570http://secunia.com/advisories/18583http://secunia.com/advisories/18899http://securityreason.com/securityalert/364http://securitytracker.com/id?1015512http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.361107http://www.debian.org/security/2006/dsa-948http://www.gentoo.org/security/en/glsa/glsa-200601-11.xmlhttp://www.kde.org/info/security/advisory-20060119-1.txthttp://www.mandriva.com/security/advisories?name=MDKSA-2006:019http://www.osvdb.org/22659http://www.redhat.com/support/errata/RHSA-2006-0184.htmlhttp://www.securityfocus.com/archive/1/422464/100/0/threadedhttp://www.securityfocus.com/archive/1/422489/100/0/threadedhttp://www.securityfocus.com/archive/1/427976/100/0/threadedhttp://www.securityfocus.com/bid/16325http://www.ubuntu.com/usn/usn-245-1http://www.vupen.com/english/advisories/2006/0265https://exchange.xforce.ibmcloud.com/vulnerabilities/24242https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11858ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.3-kdelibs-kjs.diffhttp://secunia.com/advisories/18500http://secunia.com/advisories/18540http://secunia.com/advisories/18552http://secunia.com/advisories/18559http://secunia.com/advisories/18561http://secunia.com/advisories/18570http://secunia.com/advisories/18583http://secunia.com/advisories/18899http://securityreason.com/securityalert/364http://securitytracker.com/id?1015512http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.361107http://www.debian.org/security/2006/dsa-948http://www.gentoo.org/security/en/glsa/glsa-200601-11.xmlhttp://www.kde.org/info/security/advisory-20060119-1.txthttp://www.mandriva.com/security/advisories?name=MDKSA-2006:019http://www.osvdb.org/22659http://www.redhat.com/support/errata/RHSA-2006-0184.htmlhttp://www.securityfocus.com/archive/1/422464/100/0/threadedhttp://www.securityfocus.com/archive/1/422489/100/0/threadedhttp://www.securityfocus.com/archive/1/427976/100/0/threadedhttp://www.securityfocus.com/bid/16325http://www.ubuntu.com/usn/usn-245-1http://www.vupen.com/english/advisories/2006/0265https://exchange.xforce.ibmcloud.com/vulnerabilities/24242https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11858
2006-01-20
Published