Action not permitted
Modal body text goes here.
Modal Title
Modal Body
ghsa-99jp-rppc-jgcm
Vulnerability from github
Published
2022-05-02 03:17
Modified
2025-04-09 04:11
VLAI Severity ?
Details
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
{ "affected": [], "aliases": [ "CVE-2009-0689" ], "database_specific": { "cwe_ids": [ "CWE-119" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2009-07-01T13:00:00Z", "severity": "MODERATE" }, "details": "Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.", "id": "GHSA-99jp-rppc-jgcm", "modified": "2025-04-09T04:11:28Z", "published": "2022-05-02T03:17:30Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0689" }, { "type": "WEB", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=516396" }, { "type": "WEB", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=516862" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00001.html" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6528" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9541" }, { "type": "WEB", "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h" }, { "type": "WEB", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "type": "WEB", "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2014-0311.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2014-0312.html" }, { "type": "WEB", "url": "http://secunia.com/advisories/37431" }, { "type": "WEB", "url": "http://secunia.com/advisories/37682" }, { "type": "WEB", "url": "http://secunia.com/advisories/37683" }, { "type": "WEB", "url": "http://secunia.com/advisories/38066" }, { "type": "WEB", "url": "http://secunia.com/advisories/38977" }, { "type": "WEB", "url": "http://secunia.com/advisories/39001" }, { "type": "WEB", "url": "http://secunia.com/secunia_research/2009-35" }, { "type": "WEB", "url": "http://securityreason.com/achievement_securityalert/63" }, { "type": "WEB", "url": "http://securityreason.com/achievement_securityalert/69" }, { "type": "WEB", "url": "http://securityreason.com/achievement_securityalert/71" }, { "type": "WEB", "url": "http://securityreason.com/achievement_securityalert/72" }, { "type": "WEB", "url": "http://securityreason.com/achievement_securityalert/73" }, { "type": "WEB", "url": "http://securityreason.com/achievement_securityalert/75" }, { "type": "WEB", "url": "http://securityreason.com/achievement_securityalert/76" }, { "type": "WEB", "url": "http://securityreason.com/achievement_securityalert/77" }, { "type": "WEB", "url": "http://securityreason.com/achievement_securityalert/78" }, { "type": "WEB", "url": "http://securityreason.com/achievement_securityalert/81" }, { "type": "WEB", "url": "http://securitytracker.com/id?1022478" }, { "type": "WEB", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1" }, { "type": "WEB", "url": "http://support.apple.com/kb/HT4077" }, { "type": "WEB", "url": "http://support.apple.com/kb/HT4225" }, { "type": "WEB", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:294" }, { "type": "WEB", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330" }, { "type": "WEB", "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-59.html" }, { "type": "WEB", "url": "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c" }, { "type": "WEB", "url": "http://www.opera.com/support/kb/view/942" }, { "type": "WEB", "url": "http://www.redhat.com/support/errata/RHSA-2009-1601.html" }, { "type": "WEB", "url": "http://www.redhat.com/support/errata/RHSA-2010-0153.html" }, { "type": "WEB", "url": "http://www.redhat.com/support/errata/RHSA-2010-0154.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/507977/100/0/threaded" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/507979/100/0/threaded" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/508417/100/0/threaded" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/508423/100/0/threaded" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/35510" }, { "type": "WEB", "url": "http://www.ubuntu.com/usn/USN-915-1" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2009/3297" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2009/3299" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2009/3334" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2010/0094" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2010/0648" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2010/0650" } ], "schema_version": "1.4.0", "severity": [] }
CVE-2009-0689 (GCVE-0-2009-0689)
Vulnerability from cvelistv5
Published
2009-07-01 12:26
Modified
2024-08-07 04:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:40:05.365Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/secunia_research/2009-35/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=516862" }, { "name": "20090625 Multiple Vendors libc/gdtoa printf(3) Array Overrun", "tags": [ "third-party-advisory", "x_refsource_SREASONRES", "x_transferred" ], "url": "http://securityreason.com/achievement_securityalert/63" }, { "name": "20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/507979/100/0/threaded" }, { "name": "20091211 Thunderbird 2.0.0.23 (lib) Remote Array Overrun (Arbitrary code execution)", "tags": [ "third-party-advisory", "x_refsource_SREASONRES", "x_transferred" ], "url": "http://securityreason.com/achievement_securityalert/78" }, { "name": "RHSA-2010:0153", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0153.html" }, { "name": "20091211 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)", "tags": [ "third-party-advisory", "x_refsource_SREASONRES", "x_transferred" ], "url": "http://securityreason.com/achievement_securityalert/75" }, { "name": "MDVSA-2009:330", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330" }, { "name": "39001", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39001" }, { "name": "SUSE-SR:2009:018", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" }, { "name": "20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/507977/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4225" }, { "name": "20091120 Opera 10.01 Remote Array Overrun (Arbitrary code execution)", "tags": [ "third-party-advisory", "x_refsource_SREASONRES", "x_transferred" ], "url": "http://securityreason.com/achievement_securityalert/73" }, { "name": "20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)", "tags": [ "third-party-advisory", "x_refsource_SREASONRES", "x_transferred" ], "url": "http://securityreason.com/achievement_securityalert/72" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-59.html" }, { "name": "ADV-2010-0094", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0094" }, { "name": "ADV-2010-0648", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0648" }, { "name": "ADV-2010-0650", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0650" }, { "name": "272909", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1" }, { "name": "ADV-2009-3299", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3299" }, { "name": "RHSA-2009:1601", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1601.html" }, { "name": "20091210 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/508423/100/0/threaded" }, { "name": "APPLE-SA-2010-03-29-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "name": "[debian-lts-announce] 20181101 [SECURITY] [DLA 1564-1] mono security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00001.html" }, { "name": "SUSE-SR:2010:013", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" }, { "name": "RHSA-2014:0312", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0312.html" }, { "name": "37683", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37683" }, { "name": "38977", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38977" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.opera.com/support/kb/view/942/" }, { "name": "20091030 Multiple BSD printf(1) and multiple dtoa/*printf(3) vulnerabilities", "tags": [ "third-party-advisory", "x_refsource_SREASONRES", "x_transferred" ], "url": "http://securityreason.com/achievement_securityalert/69" }, { "name": "RHSA-2010:0154", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0154.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4077" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=516396" }, { "name": "oval:org.mitre.oval:def:6528", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6528" }, { "name": "37682", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37682" }, { "name": "oval:org.mitre.oval:def:9541", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9541" }, { "name": "38066", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38066" }, { "name": "USN-915-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-915-1" }, { "name": "20091210 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/508417/100/0/threaded" }, { "name": "RHSA-2014:0311", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0311.html" }, { "name": "ADV-2009-3297", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3297" }, { "name": "20091211 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)", "tags": [ "third-party-advisory", "x_refsource_SREASONRES", "x_transferred" ], "url": "http://securityreason.com/achievement_securityalert/76" }, { "name": "37431", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37431" }, { "name": "20100108 MacOS X 10.5/10.6 libc/strtod(3) buffer overflow", "tags": [ "third-party-advisory", "x_refsource_SREASONRES", "x_transferred" ], "url": "http://securityreason.com/achievement_securityalert/81" }, { "name": "20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)", "tags": [ "third-party-advisory", "x_refsource_SREASONRES", "x_transferred" ], "url": "http://securityreason.com/achievement_securityalert/71" }, { "name": "1022478", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1022478" }, { "name": "APPLE-SA-2010-06-21-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c" }, { "name": "ADV-2009-3334", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3334" }, { "name": "20091211 Sunbird 0.9 Array Overrun (code execution)", "tags": [ "third-party-advisory", "x_refsource_SREASONRES", "x_transferred" ], "url": "http://securityreason.com/achievement_securityalert/77" }, { "name": "MDVSA-2009:294", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:294" }, { "name": "35510", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35510" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-06-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-11-02T09:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h" }, { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/secunia_research/2009-35/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=516862" }, { "name": "20090625 Multiple Vendors libc/gdtoa printf(3) Array Overrun", "tags": [ "third-party-advisory", "x_refsource_SREASONRES" ], "url": "http://securityreason.com/achievement_securityalert/63" }, { "name": "20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/507979/100/0/threaded" }, { "name": "20091211 Thunderbird 2.0.0.23 (lib) Remote Array Overrun (Arbitrary code execution)", "tags": [ "third-party-advisory", "x_refsource_SREASONRES" ], "url": "http://securityreason.com/achievement_securityalert/78" }, { "name": "RHSA-2010:0153", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0153.html" }, { "name": "20091211 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)", "tags": [ "third-party-advisory", "x_refsource_SREASONRES" ], "url": "http://securityreason.com/achievement_securityalert/75" }, { "name": "MDVSA-2009:330", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330" }, { "name": "39001", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39001" }, { "name": "SUSE-SR:2009:018", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" }, { "name": "20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/507977/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4225" }, { "name": "20091120 Opera 10.01 Remote Array Overrun (Arbitrary code execution)", "tags": [ "third-party-advisory", "x_refsource_SREASONRES" ], "url": "http://securityreason.com/achievement_securityalert/73" }, { "name": "20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)", "tags": [ "third-party-advisory", "x_refsource_SREASONRES" ], "url": "http://securityreason.com/achievement_securityalert/72" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-59.html" }, { "name": "ADV-2010-0094", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0094" }, { "name": "ADV-2010-0648", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0648" }, { "name": "ADV-2010-0650", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0650" }, { "name": "272909", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1" }, { "name": "ADV-2009-3299", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3299" }, { "name": "RHSA-2009:1601", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1601.html" }, { "name": "20091210 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/508423/100/0/threaded" }, { "name": "APPLE-SA-2010-03-29-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "name": "[debian-lts-announce] 20181101 [SECURITY] [DLA 1564-1] mono security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00001.html" }, { "name": "SUSE-SR:2010:013", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" }, { "name": "RHSA-2014:0312", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0312.html" }, { "name": "37683", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37683" }, { "name": "38977", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38977" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.opera.com/support/kb/view/942/" }, { "name": "20091030 Multiple BSD printf(1) and multiple dtoa/*printf(3) vulnerabilities", "tags": [ "third-party-advisory", "x_refsource_SREASONRES" ], "url": "http://securityreason.com/achievement_securityalert/69" }, { "name": "RHSA-2010:0154", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0154.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4077" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=516396" }, { "name": "oval:org.mitre.oval:def:6528", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6528" }, { "name": "37682", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37682" }, { "name": "oval:org.mitre.oval:def:9541", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9541" }, { "name": "38066", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38066" }, { "name": "USN-915-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-915-1" }, { "name": "20091210 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/508417/100/0/threaded" }, { "name": "RHSA-2014:0311", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0311.html" }, { "name": "ADV-2009-3297", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3297" }, { "name": "20091211 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)", "tags": [ "third-party-advisory", "x_refsource_SREASONRES" ], "url": "http://securityreason.com/achievement_securityalert/76" }, { "name": "37431", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37431" }, { "name": "20100108 MacOS X 10.5/10.6 libc/strtod(3) buffer overflow", "tags": [ "third-party-advisory", "x_refsource_SREASONRES" ], "url": "http://securityreason.com/achievement_securityalert/81" }, { "name": "20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)", "tags": [ "third-party-advisory", "x_refsource_SREASONRES" ], "url": "http://securityreason.com/achievement_securityalert/71" }, { "name": "1022478", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1022478" }, { "name": "APPLE-SA-2010-06-21-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c" }, { "name": "ADV-2009-3334", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3334" }, { "name": "20091211 Sunbird 0.9 Array Overrun (code execution)", "tags": [ "third-party-advisory", "x_refsource_SREASONRES" ], "url": "http://securityreason.com/achievement_securityalert/77" }, { "name": "MDVSA-2009:294", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:294" }, { "name": "35510", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35510" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2009-0689", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h", "refsource": "CONFIRM", "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h" }, { "name": "http://secunia.com/secunia_research/2009-35/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2009-35/" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=516862", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=516862" }, { "name": "20090625 Multiple Vendors libc/gdtoa printf(3) Array Overrun", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/63" }, { "name": "20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/507979/100/0/threaded" }, { "name": "20091211 Thunderbird 2.0.0.23 (lib) Remote Array Overrun (Arbitrary code execution)", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/78" }, { "name": "RHSA-2010:0153", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0153.html" }, { "name": "20091211 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/75" }, { "name": "MDVSA-2009:330", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330" }, { "name": "39001", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39001" }, { "name": "SUSE-SR:2009:018", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" }, { "name": "20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/507977/100/0/threaded" }, { "name": "http://support.apple.com/kb/HT4225", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4225" }, { "name": "20091120 Opera 10.01 Remote Array Overrun (Arbitrary code execution)", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/73" }, { "name": "20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/72" }, { "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-59.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-59.html" }, { "name": "ADV-2010-0094", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0094" }, { "name": "ADV-2010-0648", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0648" }, { "name": "ADV-2010-0650", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0650" }, { "name": "272909", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1" }, { "name": "ADV-2009-3299", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3299" }, { "name": "RHSA-2009:1601", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2009-1601.html" }, { "name": "20091210 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/508423/100/0/threaded" }, { "name": "APPLE-SA-2010-03-29-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "name": "[debian-lts-announce] 20181101 [SECURITY] [DLA 1564-1] mono security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00001.html" }, { "name": "SUSE-SR:2010:013", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" }, { "name": "RHSA-2014:0312", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0312.html" }, { "name": "37683", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37683" }, { "name": "38977", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38977" }, { "name": "http://www.opera.com/support/kb/view/942/", "refsource": "CONFIRM", "url": "http://www.opera.com/support/kb/view/942/" }, { "name": "20091030 Multiple BSD printf(1) and multiple dtoa/*printf(3) vulnerabilities", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/69" }, { "name": "RHSA-2010:0154", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0154.html" }, { "name": "http://support.apple.com/kb/HT4077", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4077" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=516396", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=516396" }, { "name": "oval:org.mitre.oval:def:6528", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6528" }, { "name": "37682", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37682" }, { "name": "oval:org.mitre.oval:def:9541", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9541" }, { "name": "38066", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38066" }, { "name": "USN-915-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-915-1" }, { "name": "20091210 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/508417/100/0/threaded" }, { "name": "RHSA-2014:0311", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0311.html" }, { "name": "ADV-2009-3297", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3297" }, { "name": "20091211 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/76" }, { "name": "37431", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37431" }, { "name": "20100108 MacOS X 10.5/10.6 libc/strtod(3) buffer overflow", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/81" }, { "name": "20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/71" }, { "name": "1022478", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1022478" }, { "name": "APPLE-SA-2010-06-21-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" }, { "name": "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c", "refsource": "CONFIRM", "url": "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c" }, { "name": "ADV-2009-3334", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3334" }, { "name": "20091211 Sunbird 0.9 Array Overrun (code execution)", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/77" }, { "name": "MDVSA-2009:294", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:294" }, { "name": "35510", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35510" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2009-0689", "datePublished": "2009-07-01T12:26:00", "dateReserved": "2009-02-22T00:00:00", "dateUpdated": "2024-08-07T04:40:05.365Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…