CVE-2004-0989
libxml - buffer overflow
EPSS 24.3%
Description
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
How to fix CVE-2004-0989
To remediate CVE-2004-0989, upgrade each affected package to the fixed version listed below.
- upgrade to 1.8.17-2woody2 or later
- upgrade to 2.6.11-5 or later
- upgrade to 2.4.19-4woody2 or later
Is CVE-2004-0989 being exploited?
Moderate — EPSS is 24.3%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (3)
- from 0, < 1.8.17-2woody2
- from 0, < 2.6.11-5
- from 0, < 2.4.19-4woody2