Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2004-10-28T04:00:00
Updated: 2024-08-08T00:38:59.682Z
Reserved: 2004-10-27T00:00:00
Link: CVE-2004-0989
Vulnrichment
No data.
NVD
Status : Modified
Published: 2005-03-01T05:00:00.000
Modified: 2024-11-20T23:49:50.827
Link: CVE-2004-0989
Redhat