CVE-2009-2414
published 2009-08-11

Priority: P417
Severity: medium
CVSS 2.0 base score: 4.3 (vector AV:N/AC:M/Au:N/C:N/I:N/A:P)
EPSS: 3.12% (86.2nd percentile)
Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.

Affected

16 ranges
Vendor   | Product               | Version range                            | Fixed in
debian   | libxml2               | < libxml2 2.7.3.dfsg-2.1 (bookworm)      | libxml2 2.7.3.dfsg-2.1 (bookworm)
vmware   | esxi                  |                                          |
vmware   | vmware_tools          |                                          |
vmware   | vmware_vcenter_server |                                          |
vmware   | vmware_vsphere        |                                          |
vmware   | vmware_workstation    |                                          |
xmlsoft  | libxml                |                                          |
xmlsoft  | libxml2               |                                          |
xmlsoft  | libxml2               |                                          |
xmlsoft  | libxml2               |                                          |
xmlsoft  | libxml2               |                                          |
xmlsoft  | libxml2               |                                          |
xmlsoft  | libxml2               | >= 0 < 2.7.3.dfsg-2.1                    | 2.7.3.dfsg-2.1
xmlsoft  | libxml2               | >= 0 < 2.7.3.dfsg-2.1                    | 2.7.3.dfsg-2.1
xmlsoft  | libxml2               | >= 0 < 2.7.3.dfsg-2.1                    | 2.7.3.dfsg-2.1
xmlsoft  | libxml2               | >= 0 < 2.7.3.dfsg-2.1                    | 2.7.3.dfsg-2.1

CVSS provenance

Source         | Version | Score | Severity | Vector
nvd            | v2.0    | 4.3   | MEDIUM   | AV:N/AC:M/Au:N/C:N/I:N/A:P
osv            |         | 4.3   | MEDIUM   |
vendor_ubuntu  |         | 10.0  | CRITICAL |
vendor_debian  |         | 4.3   | MEDIUM   |
vendor_redhat  |         | 4.3   | MEDIUM   |