Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P
Vendors Products
Xmlsoft
  • Libxml
  • Libxml2

Configuration 1 [-]

OR cpe:2.3:a:xmlsoft:libxml:1.8.17:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.5.10:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.16:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.26:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.27:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.6.32:*:*:*:*:*:*:*
References
Link Resource
http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
http://secunia.com/advisories/35036
http://secunia.com/advisories/36207
http://secunia.com/advisories/36338
http://secunia.com/advisories/36417
http://secunia.com/advisories/36631
http://secunia.com/advisories/37346
http://secunia.com/advisories/37471
http://support.apple.com/kb/HT3937
http://support.apple.com/kb/HT3949
http://support.apple.com/kb/HT4225
http://www.cert.fi/en/reports/2009/vulnerability2009085.html
http://www.codenomicon.com/labs/xml/
http://www.debian.org/security/2009/dsa-1859 Patch
http://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg678527.html
http://www.networkworld.com/columnists/2009/080509-xml-flaw.html
http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/bid/36010
http://www.ubuntu.com/usn/USN-815-1
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/2420
http://www.vupen.com/english/advisories/2009/3184
http://www.vupen.com/english/advisories/2009/3217
http://www.vupen.com/english/advisories/2009/3316
https://bugzilla.redhat.com/show_bug.cgi?id=515195
https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10129
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8639
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2009-08-11T18:00:00

Updated: 2018-10-10T18:57:01

Reserved: 2009-07-09T00:00:00

Link: CVE-2009-2414

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2009-08-11T18:30:00.937

Modified: 2023-02-13T01:17:34.090

Link: CVE-2009-2414

JSON object: View

cve-icon Redhat Information

No data.

CWE