Vulnerabilites related to xmlstarlet - command_line_xml_toolkit
CVE-2004-2160 (GCVE-0-2004-2160)
Vulnerability from cvelistv5
Published
2005-07-10 04:00
Modified
2024-09-16 22:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Format string vulnerability in xml_elem.c for XMLStarlet Command Line XML Toolkit 0.9.3 may allow attackers to cause a denial of service or execute arbitrary code.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:15:01.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.sourceforge.net/viewcvs.py/xmlstar/xmlstarlet/src/xml_elem.c?r1=1.17\u0026r2=1.18"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=268962"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in xml_elem.c for XMLStarlet Command Line XML Toolkit 0.9.3 may allow attackers to cause a denial of service or execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-07-10T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.sourceforge.net/viewcvs.py/xmlstar/xmlstarlet/src/xml_elem.c?r1=1.17\u0026r2=1.18"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=268962"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in xml_elem.c for XMLStarlet Command Line XML Toolkit 0.9.3 may allow attackers to cause a denial of service or execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cvs.sourceforge.net/viewcvs.py/xmlstar/xmlstarlet/src/xml_elem.c?r1=1.17\u0026r2=1.18",
"refsource": "CONFIRM",
"url": "http://cvs.sourceforge.net/viewcvs.py/xmlstar/xmlstarlet/src/xml_elem.c?r1=1.17\u0026r2=1.18"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=268962",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=268962"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2160",
"datePublished": "2005-07-10T04:00:00Z",
"dateReserved": "2005-07-10T00:00:00Z",
"dateUpdated": "2024-09-16T22:31:07.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2159 (GCVE-0-2004-2159)
Vulnerability from cvelistv5
Published
2005-07-10 04:00
Modified
2024-08-08 01:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 have unknown impact and attack vectors via (1) xml_elem.c and (2) xml_select.c.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:15:01.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1011496",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011496"
},
{
"name": "xmlstarlet-bo(17580)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17580"
},
{
"name": "11270",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11270"
},
{
"name": "10074",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/10074"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=268962"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 have unknown impact and attack vectors via (1) xml_elem.c and (2) xml_select.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1011496",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011496"
},
{
"name": "xmlstarlet-bo(17580)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17580"
},
{
"name": "11270",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11270"
},
{
"name": "10074",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/10074"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=268962"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 have unknown impact and attack vectors via (1) xml_elem.c and (2) xml_select.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1011496",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011496"
},
{
"name": "xmlstarlet-bo(17580)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17580"
},
{
"name": "11270",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11270"
},
{
"name": "10074",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/10074"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=268962",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=268962"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2159",
"datePublished": "2005-07-10T04:00:00",
"dateReserved": "2005-07-10T00:00:00",
"dateUpdated": "2024-08-08T01:15:01.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0989 (GCVE-0-2004-0989)
Vulnerability from cvelistv5
Published
2004-10-28 04:00
Modified
2024-08-08 00:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:38:59.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2005-01-25",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html"
},
{
"name": "20041026 libxml2 remote buffer overflows (not in xml parsing code though)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109880813013482\u0026w=2"
},
{
"name": "P-029",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/p-029.shtml"
},
{
"name": "11179",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11179"
},
{
"name": "1011941",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1011941"
},
{
"name": "RHSA-2004:615",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-615.html"
},
{
"name": "11526",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11526"
},
{
"name": "oval:org.mitre.oval:def:10505",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505"
},
{
"name": "libxml2-nanoftp-file-bo(17872)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17872"
},
{
"name": "RHSA-2004:650",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-650.html"
},
{
"name": "GLSA-200411-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml"
},
{
"name": "CLA-2004:890",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000890"
},
{
"name": "11324",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11324"
},
{
"name": "SUSE-SR:2005:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_01_sr.html"
},
{
"name": "oval:org.mitre.oval:def:1173",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173"
},
{
"name": "USN-89-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://www.ubuntu.com/usn/usn-89-1/"
},
{
"name": "13000",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13000"
},
{
"name": "DSA-582",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-582"
},
{
"name": "libxml2-xmlnanoftpscanurl-bo(17870)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17870"
},
{
"name": "libxml2-xmlnanoftpscanproxy-bo(17875)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17875"
},
{
"name": "11180",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/11180"
},
{
"name": "libxml2-nanohttp-file-bo(17876)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17876"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2005-01-25",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html"
},
{
"name": "20041026 libxml2 remote buffer overflows (not in xml parsing code though)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109880813013482\u0026w=2"
},
{
"name": "P-029",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/p-029.shtml"
},
{
"name": "11179",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11179"
},
{
"name": "1011941",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1011941"
},
{
"name": "RHSA-2004:615",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-615.html"
},
{
"name": "11526",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11526"
},
{
"name": "oval:org.mitre.oval:def:10505",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505"
},
{
"name": "libxml2-nanoftp-file-bo(17872)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17872"
},
{
"name": "RHSA-2004:650",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2004-650.html"
},
{
"name": "GLSA-200411-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml"
},
{
"name": "CLA-2004:890",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000890"
},
{
"name": "11324",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11324"
},
{
"name": "SUSE-SR:2005:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_01_sr.html"
},
{
"name": "oval:org.mitre.oval:def:1173",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173"
},
{
"name": "USN-89-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://www.ubuntu.com/usn/usn-89-1/"
},
{
"name": "13000",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13000"
},
{
"name": "DSA-582",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-582"
},
{
"name": "libxml2-xmlnanoftpscanurl-bo(17870)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17870"
},
{
"name": "libxml2-xmlnanoftpscanproxy-bo(17875)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17875"
},
{
"name": "11180",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/11180"
},
{
"name": "libxml2-nanohttp-file-bo(17876)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17876"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2005-01-25",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html"
},
{
"name": "20041026 libxml2 remote buffer overflows (not in xml parsing code though)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109880813013482\u0026w=2"
},
{
"name": "P-029",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/p-029.shtml"
},
{
"name": "11179",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11179"
},
{
"name": "1011941",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1011941"
},
{
"name": "RHSA-2004:615",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-615.html"
},
{
"name": "11526",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11526"
},
{
"name": "oval:org.mitre.oval:def:10505",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505"
},
{
"name": "libxml2-nanoftp-file-bo(17872)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17872"
},
{
"name": "RHSA-2004:650",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-650.html"
},
{
"name": "GLSA-200411-05",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml"
},
{
"name": "CLA-2004:890",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000890"
},
{
"name": "11324",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11324"
},
{
"name": "SUSE-SR:2005:001",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_01_sr.html"
},
{
"name": "oval:org.mitre.oval:def:1173",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173"
},
{
"name": "USN-89-1",
"refsource": "UBUNTU",
"url": "https://www.ubuntu.com/usn/usn-89-1/"
},
{
"name": "13000",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13000"
},
{
"name": "DSA-582",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-582"
},
{
"name": "libxml2-xmlnanoftpscanurl-bo(17870)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17870"
},
{
"name": "libxml2-xmlnanoftpscanproxy-bo(17875)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17875"
},
{
"name": "11180",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11180"
},
{
"name": "libxml2-nanohttp-file-bo(17876)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17876"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0989",
"datePublished": "2004-10-28T04:00:00",
"dateReserved": "2004-10-27T00:00:00",
"dateUpdated": "2024-08-08T00:38:59.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Format string vulnerability in xml_elem.c for XMLStarlet Command Line XML Toolkit 0.9.3 may allow attackers to cause a denial of service or execute arbitrary code.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://cvs.sourceforge.net/viewcvs.py/xmlstar/xmlstarlet/src/xml_elem.c?r1=1.17&r2=1.18 | ||
| cve@mitre.org | http://sourceforge.net/project/shownotes.php?release_id=268962 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://cvs.sourceforge.net/viewcvs.py/xmlstar/xmlstarlet/src/xml_elem.c?r1=1.17&r2=1.18 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/project/shownotes.php?release_id=268962 | Patch |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xmlstarlet | command_line_xml_toolkit | 0.9.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlstarlet:command_line_xml_toolkit:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9F39B59D-2315-4121-8399-77B81C7D7EE4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in xml_elem.c for XMLStarlet Command Line XML Toolkit 0.9.3 may allow attackers to cause a denial of service or execute arbitrary code."
}
],
"id": "CVE-2004-2160",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://cvs.sourceforge.net/viewcvs.py/xmlstar/xmlstarlet/src/xml_elem.c?r1=1.17\u0026r2=1.18"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=268962"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cvs.sourceforge.net/viewcvs.py/xmlstar/xmlstarlet/src/xml_elem.c?r1=1.17\u0026r2=1.18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=268962"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-03-01 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890 | ||
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html | ||
| cve@mitre.org | http://marc.info/?l=bugtraq&m=109880813013482&w=2 | ||
| cve@mitre.org | http://secunia.com/advisories/13000 | ||
| cve@mitre.org | http://securitytracker.com/id?1011941 | ||
| cve@mitre.org | http://www.ciac.org/ciac/bulletins/p-029.shtml | ||
| cve@mitre.org | http://www.debian.org/security/2004/dsa-582 | ||
| cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml | ||
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2005_01_sr.html | ||
| cve@mitre.org | http://www.osvdb.org/11179 | ||
| cve@mitre.org | http://www.osvdb.org/11180 | ||
| cve@mitre.org | http://www.osvdb.org/11324 | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2004-615.html | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2004-650.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/11526 | Exploit, Patch, Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17870 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17872 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17875 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17876 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505 | ||
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173 | ||
| cve@mitre.org | https://www.ubuntu.com/usn/usn-89-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=109880813013482&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/13000 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1011941 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.ciac.org/ciac/bulletins/p-029.shtml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2004/dsa-582 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_01_sr.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/11179 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/11180 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/11324 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2004-615.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2004-650.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11526 | Exploit, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17870 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17872 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17875 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17876 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ubuntu.com/usn/usn-89-1/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xmlsoft | libxml | 1.8.17 | |
| xmlsoft | libxml2 | 2.5.11 | |
| xmlsoft | libxml2 | 2.6.6 | |
| xmlsoft | libxml2 | 2.6.7 | |
| xmlsoft | libxml2 | 2.6.8 | |
| xmlsoft | libxml2 | 2.6.9 | |
| xmlsoft | libxml2 | 2.6.11 | |
| xmlsoft | libxml2 | 2.6.12 | |
| xmlsoft | libxml2 | 2.6.13 | |
| xmlsoft | libxml2 | 2.6.14 | |
| xmlstarlet | command_line_xml_toolkit | 0.9.1 | |
| redhat | fedora_core | core_2.0 | |
| trustix | secure_linux | 2.0 | |
| trustix | secure_linux | 2.1 | |
| ubuntu | ubuntu_linux | 4.1 | |
| ubuntu | ubuntu_linux | 4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxml:1.8.17:*:*:*:*:*:*:*",
"matchCriteriaId": "E7C0B552-67E9-48E5-ABFB-AF0CD6DA46FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "43F8E361-E6D3-4666-B18D-928D550FD5D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EB8BEC58-AB2A-4953-A2E8-338EB894A494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ABDE6C9A-4F24-42B4-8AA3-3EBC97190322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "44FB2813-BE9F-46A8-864B-435D883CA0FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F9DF1336-F831-4507-B45E-574BDE8AA8BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "33268B2F-3591-48D9-B123-92E3ABF157F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0830367A-9FB3-4291-88C0-38A471DFD22B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "73E4EB1B-2E8B-4504-AB05-F4D4E6B038E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B5815E25-5305-4A32-81B3-89DB1D5C1AC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlstarlet:command_line_xml_toolkit:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF12410-9F1E-452C-BAA6-22E73A9FA75C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E6996B14-925B-46B8-982F-3545328B506B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "53AF1A2D-B0A2-4097-AD1D-DF3AF27171BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A67735E5-E43E-4164-BDB2-ADC6E0288E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*",
"matchCriteriaId": "6E94583A-5184-462E-9FC4-57B35DA06DA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*",
"matchCriteriaId": "E905FAAD-37B6-4DD0-A752-2974F8336273",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost."
}
],
"id": "CVE-2004-0989",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-03-01T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000890"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109880813013482\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/13000"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1011941"
},
{
"source": "cve@mitre.org",
"url": "http://www.ciac.org/ciac/bulletins/p-029.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2004/dsa-582"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2005_01_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/11179"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/11180"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/11324"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2004-615.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2004-650.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11526"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17870"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17872"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17875"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17876"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173"
},
{
"source": "cve@mitre.org",
"url": "https://www.ubuntu.com/usn/usn-89-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000890"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109880813013482\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/13000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1011941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ciac.org/ciac/bulletins/p-029.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2004/dsa-582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_01_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/11179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/11180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/11324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2004-615.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2004-650.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11526"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17876"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.ubuntu.com/usn/usn-89-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 have unknown impact and attack vectors via (1) xml_elem.c and (2) xml_select.c.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://securitytracker.com/id?1011496 | Patch | |
| cve@mitre.org | http://sourceforge.net/project/shownotes.php?release_id=268962 | Patch | |
| cve@mitre.org | http://www.osvdb.org/10074 | Patch | |
| cve@mitre.org | http://www.securityfocus.com/bid/11270 | Patch | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17580 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1011496 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/project/shownotes.php?release_id=268962 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/10074 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11270 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17580 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xmlstarlet | command_line_xml_toolkit | 0.9.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlstarlet:command_line_xml_toolkit:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9F39B59D-2315-4121-8399-77B81C7D7EE4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 have unknown impact and attack vectors via (1) xml_elem.c and (2) xml_select.c."
}
],
"id": "CVE-2004-2159",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1011496"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=268962"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/10074"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11270"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1011496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=268962"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/10074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17580"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}