Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
History

Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.30691}

epss

{'score': 0.2823}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-10-28T04:00:00

Updated: 2024-08-08T00:38:59.682Z

Reserved: 2004-10-27T00:00:00

Link: CVE-2004-0989

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2005-03-01T05:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2004-0989

cve-icon Redhat

Severity : Moderate

Publid Date: 2004-10-26T00:00:00Z

Links: CVE-2004-0989 - Bugzilla