Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-10-28T04:00:00

Updated: 2024-08-08T00:38:59.682Z

Reserved: 2004-10-27T00:00:00

Link: CVE-2004-0989

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2005-03-01T05:00:00.000

Modified: 2024-11-20T23:49:50.827

Link: CVE-2004-0989

cve-icon Redhat

Severity : Moderate

Publid Date: 2004-10-26T00:00:00Z

Links: CVE-2004-0989 - Bugzilla