1. Home
  2. CVE Database
  3. CVE-2004-0989
HIGH · 10.0

CVE-2004-0989

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled b...

Vulnerability Description

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
XmlsoftLibxml1.8.17
XmlsoftLibxml22.5.11
XmlstarletCommand Line Xml Toolkit0.9.1
RedhatFedora Corecore_2.0
TrustixSecure Linux2.0
UbuntuUbuntu Linux4.1

References

FAQ

What is CVE-2004-0989?

CVE-2004-0989 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled b...

How severe is CVE-2004-0989?

CVE-2004-0989 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2004-0989?

Check the references section above for vendor advisories and patch information. Affected products include: Xmlsoft Libxml, Xmlsoft Libxml2, Xmlstarlet Command Line Xml Toolkit, Redhat Fedora Core, Trustix Secure Linux.