Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200403-01
HistoryMar 05, 2004 - 12:00 a.m.

Libxml2 URI Parsing Buffer Overflow Vulnerabilities

2004-03-0500:00:00
Gentoo Foundation
security.gentoo.org
15

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.677 Medium

EPSS

Percentile

98.0%

JSON

Background

Description

Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When the libxml2 library fetches a remote resource via FTP or HTTP, libxml2 uses parsing routines that can overflow a buffer caused by improper bounds checking if they are passed a URL longer than 4096 bytes.

Impact

If an attacker is able to exploit an application using libxml2 that parses remote resources, then this flaw could be used to execute arbitrary code.

Workaround

No workaround is available; users are urged to upgrade libxml2 to 2.6.6.

Resolution

All users are recommended to upgrade their libxml2 installation:

 # emerge sync
 # emerge -pv ">=dev-libs/libxml2-2.6.6"
 # emerge ">=dev-libs/libxml2-2.6.6"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-libs/libxml2< 2.6.6UNKNOWN

Related

nessus 12
openvas 14
nvd 1
debiancve 1
redhat 2
cvelist 1
osv 1
freebsd 1
securityvulns 1
ubuntucve 1
debian 2
cve 1
centos 1
cert 1
fedora 2
nessus
nessus
FreeBSD : libxml2 stack buffer overflow in URI parsing (847ade05-6717-11d8-b321-000a95bc6fae)
2009-04-23 00:00:00
GLSA-200403-01 : Libxml2 URI Parsing Buffer Overflow Vulnerabilities
2004-08-30 00:00:00
SuSE9 Security Update : libxml2 (YOU Patch Number 9581)
2009-09-24 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200403-01 (libxml)
2008-09-24 00:00:00
Debian Security Advisory DSA 455-1 (libxml, libxml2)
2008-01-17 00:00:00
SLES9: Security update for libxml2
2009-10-10 00:00:00
nvd
nvd
CVE-2004-0110
2004-03-15 05:00:00
debiancve
debiancve
CVE-2004-0110
2004-03-15 05:00:00
redhat
redhat
(RHSA-2004:090) libxml2 security update
2004-02-26 00:00:00
(RHSA-2004:650) libxml security update
2004-12-16 00:00:00
cvelist
cvelist
CVE-2004-0110
2004-03-04 05:00:00
osv
osv
libxml - buffer overflows
2004-03-03 00:00:00
freebsd
freebsd
libxml2 stack buffer overflow in URI parsing
2004-02-08 00:00:00
securityvulns
securityvulns
[Full-Disclosure] [RHSA-2004:091-01] Updated libxml2 packages fix security vulnerability
2004-02-26 00:00:00
ubuntucve
ubuntucve
CVE-2004-0110
2004-03-15 00:00:00
debian
debian
[SECURITY] [DSA 455-1] New libxml packages fix arbitrary code execution
2004-03-04 10:22:56
[SECURITY] [DSA 455-1] New libxml packages fix arbitrary code execution
2004-03-04 10:22:56
cve
cve
CVE-2004-0110
2004-03-15 05:00:00
centos
centos
libxml security update
2005-05-27 13:28:28
cert
cert
Libxml2 URI parsing errors in nanohttp and nanoftp
2004-03-09 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: libxml-1.8.17-24.fc10
2009-08-15 08:20:49
[SECURITY] Fedora 11 Update: libxml-1.8.17-24.fc11
2009-08-15 08:18:18

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.677 Medium

EPSS

Percentile

98.0%

JSON
Related for GLSA-200403-01
nessus12openvas14nvd1debiancve1redhat2cvelist1osv1freebsd1securityvulns1ubuntucve1debian2cve1centos1cert1fedora2