[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2009-0689

Date: (C)2009-07-01   (M)2017-12-01 


Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.

CVSS Score: 6.8Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
SECTRACK-1022478
http://securityreason.com/achievement_securityalert/63
http://securityreason.com/achievement_securityalert/69
http://www.securityfocus.com/archive/1/archive/1/507977/100/0/threaded
http://securityreason.com/achievement_securityalert/73
http://www.securityfocus.com/archive/1/archive/1/507979/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/508423/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/508417/100/0/threaded
http://securityreason.com/achievement_securityalert/76
http://securityreason.com/achievement_securityalert/75
http://securityreason.com/achievement_securityalert/77
http://securityreason.com/achievement_securityalert/78
http://securityreason.com/achievement_securityalert/81
SUNALERT-272909
BID-35510
SECUNIA-37431
SECUNIA-37682
SECUNIA-37683
SECUNIA-38066
SECUNIA-38977
SECUNIA-39001
ADV-2009-3297
ADV-2009-3299
ADV-2009-3334
ADV-2010-0094
ADV-2010-0648
ADV-2010-0650
APPLE-SA-2010-03-29-1
APPLE-SA-2010-06-21-1
MDVSA-2009:294
MDVSA-2009:330
RHSA-2009:1601
RHSA-2010:0153
RHSA-2010:0154
RHSA-2014:0311
RHSA-2014:0312
SUSE-SR:2009:018
SUSE-SR:2010:013
USN-915-1
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h
http://secunia.com/secunia_research/2009-35/
http://support.apple.com/kb/HT4077
http://support.apple.com/kb/HT4225
http://www.mozilla.org/security/announce/2009/mfsa2009-59.html
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c
http://www.opera.com/support/kb/view/942/
https://bugzilla.mozilla.org/show_bug.cgi?id=516396
https://bugzilla.mozilla.org/show_bug.cgi?id=516862

CPE    22
cpe:/o:openbsd:openbsd:4.5
cpe:/o:freebsd:freebsd:7.2
cpe:/o:freebsd:freebsd:6.4
cpe:/a:mozilla:firefox:3.5.3
...
CWE    1
CWE-119
OVAL    27
oval:org.secpod.oval:def:109898
oval:org.secpod.oval:def:202192
oval:org.secpod.oval:def:500630
oval:org.secpod.oval:def:500315
...

© 2013 SecPod Technologies