Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2009-2414

Published: 11/08/2009 Updated: 13/02/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Xmlsoft

Vulnerability Summary

Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent malicious users to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

xmlsoft libxml2 2.6.16

xmlsoft libxml2 2.6.32

xmlsoft libxml2 2.6.26

xmlsoft libxml2 2.6.27

xmlsoft libxml 1.8.17

xmlsoft libxml2 2.5.10

Vendor Advisories

Red Hat: Moderate: libxml and libxml2 security update
Synopsis Moderate: libxml and libxml2 security update Type/Severity Security Advisory: Moderate Topic Updated libxml and libxml2 packages that fix multiple security issues arenow available for Red Hat Enterprise Linux 3, 4, and 5This update has been rated as having moderate security impact by the RedHat Se ...
Debian CVElist Bug Report Logs: libxml2: CVE-2009-2414, CVE-2009-2416 pointer-user-after-free and stack overflow because of function recursion
Debian Bug report logs - #540865 libxml2: CVE-2009-2414, CVE-2009-2416 pointer-user-after-free and stack overflow because of function recursion Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>; Reported by: Nico Golde <nion@debianorg> Date: Mon, ...
Ubuntu Security Notice: libxml2 vulnerabilities
It was discovered that libxml2 did not correctly handle root XML document element DTD definitions If a user were tricked into processing a specially crafted XML document, a remote attacker could cause the application linked against libxml2 to crash, leading to a denial of service (CVE-2009-2414) ...
Debian Security Advisories: DSA-1861-1 libxml -- several vulnerabilities
Rauli Kaksonen, Tero Rontti and Jukka Taimisto discovered several vulnerabilities in libxml, a library for parsing and handling XML data files, which can lead to denial of service conditions or possibly arbitrary code execution in the application using the library The Common Vulnerabilities and Exposures project identifies the following problems: ...

References

CWE-119http://www.debian.org/security/2009/dsa-1859http://www.cert.fi/en/reports/2009/vulnerability2009085.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=515195http://www.networkworld.com/columnists/2009/080509-xml-flaw.htmlhttp://www.securityfocus.com/bid/36010http://www.codenomicon.com/labs/xml/https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.htmlhttp://www.ubuntu.com/usn/USN-815-1http://secunia.com/advisories/36338https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.htmlhttp://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.htmlhttp://secunia.com/advisories/36207http://www.vupen.com/english/advisories/2009/2420http://secunia.com/advisories/36417http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2009/Nov/msg00000.htmlhttp://support.apple.com/kb/HT3937http://support.apple.com/kb/HT3949http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.htmlhttp://www.vupen.com/english/advisories/2009/3184http://secunia.com/advisories/37471http://www.vupen.com/english/advisories/2009/3316http://www.vmware.com/security/advisories/VMSA-2009-0016.htmlhttp://secunia.com/advisories/37346http://www.vupen.com/english/advisories/2009/3217http://support.apple.com/kb/HT4225http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.htmlhttp://secunia.com/advisories/36631http://secunia.com/advisories/35036http://www.openoffice.org/security/cves/CVE-2009-2414-2416.htmlhttps://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8639https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10129http://www.securityfocus.com/archive/1/507985/100/0/threadedhttp://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg678527.htmlhttps://access.redhat.com/errata/RHSA-2009:1206https://usn.ubuntu.com/815-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook