Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2009-0689
HistoryJul 01, 2009 - 12:00 a.m.

CVE-2009-0689

2009-07-0100:00:00
ubuntu.com
ubuntu.com
18

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.97 High

EPSS

Percentile

99.7%

JSON

Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c)
and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as
used in multiple operating systems and products including in FreeBSD 6.4
and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and
3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products,
allows context-dependent attackers to cause a denial of service
(application crash) and possibly execute arbitrary code via a large
precision value in the format argument to a printf function, which triggers
incorrect memory allocation and a heap-based buffer overflow during
conversion to a floating-point number.

Notes

Author Note
mdeslaur description omitted KDE. Mozilla has CVE-2009-1563 for the same issue. Red Hat released RHSA-2009:1601-01 to fix kdelibs
OSVersionArchitecturePackageVersionFilename
ubuntu8.10noarchkde4libs< 4:4.1.4-0ubuntu1~intrepid1.5UNKNOWN
ubuntu9.04noarchkde4libs< 4:4.2.2-0ubuntu5.4UNKNOWN
ubuntu9.10noarchkde4libs< 4:4.3.2-0ubuntu7.2UNKNOWN
ubuntu10.04noarchkde4libs< 4:3.5.10.dfsg.1-2.1ubuntu4UNKNOWN
ubuntu8.04noarchkdelibs< 4:3.5.10-0ubuntu1~hardy1.5UNKNOWN
ubuntu8.10noarchkdelibs< 4:3.5.10-0ubuntu6.4UNKNOWN
ubuntu9.04noarchkdelibs< 4:3.5.10.dfsg.1-1ubuntu8.4UNKNOWN
ubuntu9.10noarchkdelibs< 4:3.5.10.dfsg.1-2ubuntu7.2UNKNOWN
ubuntu10.04noarchkdelibs< 4:3.5.10.dfsg.1-2.1ubuntu4UNKNOWN
ubuntu8.04noarchthunderbird< 2.0.0.24+build1+nobinonly-0ubuntu0.8.04.1UNKNOWN
Rows per page:
1-10 of 131

Related

cve 2
nessus 59
packetstorm 13
exploitpack 5
securityvulns 14
seebug 14
nvd 2
exploitdb 5
openvas 45
redhat 5
prion 1
debiancve 1
opera 1
threatpost 1
veracode 1
fedora 1
debian 6
cvelist 2
centos 4
osv 4
mageia 1
oraclelinux 3
ubuntu 2
chrome 1
checkpoint_advisories 1
freebsd 2
mozilla 1
hackerone 1
suse 1
cve
cve
CVE-2009-1563
2009-10-29 14:30:00
CVE-2009-0689
2009-07-01 13:00:01
nessus
nessus
SuSE 11 Security Update : Mozilla (SAT Patch Number 1503)
2009-11-09 00:00:00
SuSE 10 Security Update : mozilla-nspr (ZYPP Patch Number 6630)
2009-11-09 00:00:00
openSUSE Security Update : mozilla-nspr (mozilla-nspr-1510)
2009-11-09 00:00:00
packetstorm
packetstorm
Opera 10.01 Remote Array Overrun
2009-11-20 00:00:00
K-Meleon 1.5.3 Remote Array Overrun
2009-11-20 00:00:00
SeaMonkey 1.1.0 Remote Array Overrun
2009-11-20 00:00:00
exploitpack
exploitpack
KDE KDELibs 4.3.3 - Remote Array Overrun
2009-11-19 00:00:00
SeaMonkey 1.1.8 - Remote Array Overrun
2009-11-19 00:00:00
Opera 10.01 - Remote Array Overrun
2009-11-19 00:00:00
securityvulns
securityvulns
K-Meleon 1.5.3 Remote Array Overrun &#40;Arbitrary code execution&#41;
2009-11-20 00:00:00
SeaMonkey 1.1.8 Remote Array Overrun &#40;Arbitrary code execution&#41;
2009-11-20 00:00:00
Opera 10.01 Remote Array Overrun &#40;Arbitrary code execution&#41;
2009-11-20 00:00:00
seebug
seebug
Opera 10.01 Remote Array Overrun (Arbitrary code execution)
2009-11-22 00:00:00
SeaMonkey 1.1.8 Remote Array Overrun
2009-11-19 00:00:00
SeaMonkey 1.1.8 - Remote Array Overrun
2014-07-01 00:00:00
nvd
nvd
CVE-2009-1563
2009-10-29 14:30:00
CVE-2009-0689
2009-07-01 13:00:01
exploitdb
exploitdb
K-Meleon 1.5.3 - Remote Array Overrun
2009-11-19 00:00:00
Opera 10.01 - Remote Array Overrun
2009-11-19 00:00:00
SeaMonkey 1.1.8 - Remote Array Overrun
2009-11-19 00:00:00
openvas
openvas
Debian Security Advisory DSA 1931-1 (nspr)
2009-11-11 00:00:00
Debian: Security Advisory (DSA-1931-1)
2009-11-11 00:00:00
SLES10: Security update for mozilla-nspr
2009-11-11 00:00:00
redhat
redhat
(RHSA-2009:1601) Critical: kdelibs security update
2009-11-24 00:00:00
(RHSA-2014:0312) Critical: php security update
2014-03-18 00:00:00
(RHSA-2014:0311) Critical: php security update
2014-03-18 00:00:00
prion
prion
Heap overflow
2009-07-01 13:00:00
debiancve
debiancve
CVE-2009-0689
2009-07-01 13:00:01
opera
opera
Heap buffer overflow in string to number conversion
2009-11-20 00:00:00
threatpost
threatpost
'High Risk' Flaw Fixed in Google Chrome
2009-10-06 22:32:02
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:58:49
fedora
fedora
[SECURITY] Fedora 23 Update: mono-4.0.5-2.fc23
2015-12-29 22:26:22
debian
debian
[SECURITY] [DLA 376-1] mono security update
2015-12-30 11:29:31
[SECURITY] [DSA 1998-1] New kdelibs packages fix arbitrary code execution
2010-02-17 18:25:18
[Backports-security-announce] Security Update for nsrp
2010-07-21 08:26:53
cvelist
cvelist
CVE-2009-0689
2009-07-01 12:26:00
CVE-2009-1563
2009-10-29 14:00:00
centos
centos
kdelibs security update
2009-11-25 14:52:10
php security update
2014-03-19 01:15:26
seamonkey security update
2009-10-28 13:15:48
osv
osv
mono - security update
2018-11-01 00:00:00
mono - security update
2015-12-30 00:00:00
kdelibs - arbitrary code execution
2010-02-17 00:00:00
mageia
mageia
Updated mono packages fix security vulnerability
2016-01-14 04:44:39
oraclelinux
oraclelinux
kdelibs security update
2009-11-24 00:00:00
php security update
2014-03-18 00:00:00
seamonkey security update
2009-10-28 00:00:00
ubuntu
ubuntu
KDE vulnerabilities
2009-12-11 00:00:00
Thunderbird vulnerabilities
2010-03-18 00:00:00
chrome
chrome
Stable Channel Update
2009-09-30 00:00:00
checkpoint_advisories
checkpoint_advisories
Mozilla Firefox Floating Point Number Conversion Memory Corruption (CVE-2009-1563)
2010-05-12 00:00:00
freebsd
freebsd
mono -- DoS and code execution
2015-12-19 00:00:00
opera -- multiple vulnerabilities
2009-11-23 00:00:00
mozilla
mozilla
Heap buffer overflow in string to number conversion — Mozilla
2009-10-27 00:00:00
hackerone
hackerone
Ruby: Ruby: Heap Overflow in Floating Point Parsing
2013-11-22 00:00:00
suse
suse
Security update for ruby (critical)
2013-12-05 18:04:15

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.97 High

EPSS

Percentile

99.7%

JSON
Related for UB:CVE-2009-0689
cve2nessus59packetstorm13exploitpack5securityvulns14seebug14nvd2exploitdb5openvas45redhat5prion1debiancve1opera1threatpost1veracode1fedora1debian6cvelist2centos4osv4mageia1oraclelinux3ubuntu2chrome1checkpoint_advisories1freebsd2mozilla1hackerone1suse1