Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-455
HistoryMar 03, 2004 - 12:00 a.m.

libxml - buffer overflows

2004-03-0300:00:00
Google
osv.dev
10

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

libxml2 is a library for manipulating XML files.

Yuuichi Teranishi (寺西 裕一)
discovered a flaw in libxml, the GNOME XML library.
When fetching a remote resource via FTP or HTTP, the library uses
special parsing routines which can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml1
or libxml2 that parses remote resources and allows the attacker to
craft the URL, then this flaw could be used to execute arbitrary code.

For the stable distribution (woody) this problem has been fixed in
version 1.8.17-2woody1 of libxml and version 2.4.19-4woody1 of libxml2.

For the unstable distribution (sid) this problem has been fixed in
version 1.8.17-5 of libxml and version 2.6.6-1 of libxml2.

We recommend that you upgrade your libxml1 and libxml2 packages.

Related

nessus 12
openvas 14
freebsd 1
gentoo 1
debian 2
redhat 2
debiancve 1
cvelist 1
securityvulns 1
ubuntucve 1
cve 1
cert 1
centos 1
fedora 2
nessus
nessus
SuSE9 Security Update : libxml2 (YOU Patch Number 9581)
2009-09-24 00:00:00
FreeBSD : libxml2 stack buffer overflow in URI parsing (847ade05-6717-11d8-b321-000a95bc6fae)
2009-04-23 00:00:00
GLSA-200403-01 : Libxml2 URI Parsing Buffer Overflow Vulnerabilities
2004-08-30 00:00:00
openvas
openvas
SLES9: Security update for libxml2
2009-10-10 00:00:00
Debian Security Advisory DSA 455-1 (libxml, libxml2)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200403-01 (libxml)
2008-09-24 00:00:00
freebsd
freebsd
libxml2 stack buffer overflow in URI parsing
2004-02-08 00:00:00
gentoo
gentoo
Libxml2 URI Parsing Buffer Overflow Vulnerabilities
2004-03-05 00:00:00
debian
debian
[SECURITY] [DSA 455-1] New libxml packages fix arbitrary code execution
2004-03-04 00:00:00
[SECURITY] [DSA 455-1] New libxml packages fix arbitrary code execution
2004-03-04 10:22:56
redhat
redhat
(RHSA-2004:090) libxml2 security update
2004-02-26 00:00:00
(RHSA-2004:650) libxml security update
2004-12-16 00:00:00
debiancve
debiancve
CVE-2004-0110
2004-03-15 05:00:00
cvelist
cvelist
CVE-2004-0110
2004-03-04 05:00:00
securityvulns
securityvulns
[Full-Disclosure] [RHSA-2004:091-01] Updated libxml2 packages fix security vulnerability
2004-02-26 00:00:00
ubuntucve
ubuntucve
CVE-2004-0110
2004-03-15 00:00:00
cve
cve
CVE-2004-0110
2004-03-15 05:00:00
cert
cert
Libxml2 URI parsing errors in nanohttp and nanoftp
2004-03-09 00:00:00
centos
centos
libxml security update
2005-05-27 13:28:28
fedora
fedora
[SECURITY] Fedora 10 Update: libxml-1.8.17-24.fc10
2009-08-15 08:20:49
[SECURITY] Fedora 11 Update: libxml-1.8.17-24.fc11
2009-08-15 08:18:18

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for OSV:DSA-455
nessus12openvas14freebsd1gentoo1debian2redhat2debiancve1cvelist1securityvulns1ubuntucve1cve1cert1centos1fedora2