CVE-2006-0019 — Improper Restriction of Operations within the Bounds of a Memory Buffer in KDE

9 documents6 sources

Severity

7.5HIGHNVD

EPSS

6.4%

top 8.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

KDE

Timeline

PublishedJan 20

Latest updateMay 3

Description

Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDkde/kde17 versions+16

Patches

Patch: ftp.kde.org ↗Patch: secunia.com ↗Patch: www.kde.org ↗

🔴Vulnerability Details

GHSA

GHSA-pmg9-q8pq-2g6h: Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3↗2022-05-03

▶

CVEList

CVE-2006-0019: Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3↗2006-01-20

▶

📋Vendor Advisories

Ubuntu

KDE library vulnerability↗2006-01-20

▶

Red Hat

security flaw↗2006-01-19

▶

💬Community

Bugzilla

CVE-2006-0019 security flaw↗2018-08-16

▶

Bugzilla

Multiple KDE package tracker for multiple vulnerabilities↗2006-02-03

▶

Bugzilla

kdelibs multiple vulnerabilities (CAN-2005-0396, CAN-2005-0237, CAN-2005-0365, CAN-2005-1046, CAN-2005-1920, CVE-2006-0019)↗2006-01-22

▶

Bugzilla

CVE-2006-0019 kjs encodeuri/decodeuri heap overflow vulnerability↗2006-01-12

▶