CVE-2004-0989

NONE EPSS 97.3%
Published Mar 1, 2005 (21y ago) · Modified Jun 16, 2026 (2w ago)

Description

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

Threat Intelligence

EPSS Exploit Probability
97.3% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Affected Products 16

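| Vendor | Product | Version | Range |
|---|---|---|---|
| xmlsoft | libxml | 1.8.17 | any |
| xmlsoft | libxml2 | 2.5.11 | any |
| xmlsoft | libxml2 | 2.6.6 | any |
| xmlsoft | libxml2 | 2.6.7 | any |
| xmlsoft | libxml2 | 2.6.8 | any |
| xmlsoft | libxml2 | 2.6.9 | any |
| xmlsoft | libxml2 | 2.6.11 | any |
| xmlsoft | libxml2 | 2.6.12 | any |
| xmlsoft | libxml2 | 2.6.13 | any |
| xmlsoft | libxml2 | 2.6.14 | any |
| xmlstarlet | command_line_xml_toolkit | 0.9.1 | any |
| redhat | fedora_core | core_2.0 | any |
| trustix | secure_linux | 2.0 | any |
| trustix | secure_linux | 2.1 | any |
| ubuntu | ubuntu_linux | 4.1 | any |
| ubuntu | ubuntu_linux | 4.1 | any |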

References 22

Remediation

  • securityfocus.com http://www.securityfocus.com/bid/11526
    Exploit · Patch · Vendor Advisory