certfr_avis - certa-2009-avi-335

CERTA-2009-AVI-335

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités permettant un déni de service à distance ont été corrigées.

Description

Plusieurs vulnérabilités affectant libxml2 ont été corrigées. Elles permettent à une personne malintentionnée distante de provoquer un déni de service à distance au moyen d'un fichier XML spécialement réalisé.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

libxml2 versions 2.5.10, 2.6.16, 2.6.26, 2.6.27 et 2.6.32 et 1.8.17.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Debian DSA DSA-1859-1 du 10 août 2009	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-815-1 du 11 août 2009 :	-	other
Mises à jour de sécurité Fedora FEDORA-2009-8580 du 15 août 2009 :	-	other
Mises à jour de sécurité Fedora FEDORA-2009-8491 et FEDORA-2009-8498 du 11 août 2009 :	-	other
Bulletin de sécurité Sun 266688 du 03 septembre 2009 :	-	other
Mises à jour de sécurité Fedora FEDORA-2009-8491 et FEDORA-2009-8498 du 11 août 2009 :	-	other
Bulletin de sécurité Debian DSA-1859 du 10 août 2009 :	-	other
Bulletin de sécurité RedHat RHSA-2009:1206 du 10 août 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cTT\u003elibxml2\u003c/TT\u003e versions 2.5.10,  2.6.16, 2.6.26, 2.6.27 et 2.6.32 et 1.8.17.",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectant libxml2 ont \u00e9t\u00e9 corrig\u00e9es. Elles\npermettent \u00e0 une personne malintentionn\u00e9e distante de provoquer un d\u00e9ni\nde service \u00e0 distance au moyen d\u0027un fichier XML sp\u00e9cialement r\u00e9alis\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-2416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2416"
    },
    {
      "name": "CVE-2009-2414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-815-1 du 11 ao\u00fbt 2009 :",
      "url": "http://www.ubuntu.com/usn/USN-815-1"
    },
    {
      "title": "Mises \u00e0 jour de s\u00e9curit\u00e9 Fedora FEDORA-2009-8580 du 15 ao\u00fbt    2009 :",
      "url": "http://www.redhat.com/archives/fedora-package-announce/2009-August/msg00632.html"
    },
    {
      "title": "Mises \u00e0 jour de s\u00e9curit\u00e9 Fedora FEDORA-2009-8491 et    FEDORA-2009-8498 du 11 ao\u00fbt 2009 :",
      "url": "http://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Sun 266688 du 03 septembre 2009 :",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266688-1"
    },
    {
      "title": "Mises \u00e0 jour de s\u00e9curit\u00e9 Fedora FEDORA-2009-8491 et    FEDORA-2009-8498 du 11 ao\u00fbt 2009 :",
      "url": "http://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1859 du 10 ao\u00fbt 2009 :",
      "url": "http://www.debian.org/security/2009/dsa-1859"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2009:1206 du 10 ao\u00fbt 2009    :",
      "url": "http://rhn.redhat.com/errata/RHSA-2009-1206.html"
    }
  ],
  "reference": "CERTA-2009-AVI-335",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-08-12T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences Sun et Ubuntu.",
      "revision_date": "2009-09-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s permettant un d\u00e9ni de service \u00e0 distance ont\n\u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans libxml2",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA DSA-1859-1 du 10 ao\u00fbt 2009",
      "url": null
    }
  ]
}

CVE-2006-2416 (GCVE-0-2006-2416)

Vulnerability from cvelistv5 – Published: 2006-05-16 10:00 – Updated: 2024-08-07 17:51

Summary

SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref['cookie_name'].

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/archive/1/433938/100…	mailing-listx_refsource_BUGTRAQ
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.vupen.com/english/advisories/2006/1802	vdb-entryx_refsource_VUPEN
	http://securityreason.com/securityalert/905	third-party-advisoryx_refsource_SREASON
	http://secunia.com/advisories/20089	third-party-advisoryx_refsource_SECUNIA
	http://www.osvdb.org/25521	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/bid/17966	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:51:04.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20060513 SQL-Injection in e107 allows attacker to become a site admininstrator",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/433938/100/0/threaded"
          },
          {
            "name": "e107-cookie-sql-injection(26434)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26434"
          },
          {
            "name": "ADV-2006-1802",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1802"
          },
          {
            "name": "905",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/905"
          },
          {
            "name": "20089",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20089"
          },
          {
            "name": "25521",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/25521"
          },
          {
            "name": "17966",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17966"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-05-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref[\u0027cookie_name\u0027]."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20060513 SQL-Injection in e107 allows attacker to become a site admininstrator",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/433938/100/0/threaded"
        },
        {
          "name": "e107-cookie-sql-injection(26434)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26434"
        },
        {
          "name": "ADV-2006-1802",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1802"
        },
        {
          "name": "905",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/905"
        },
        {
          "name": "20089",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20089"
        },
        {
          "name": "25521",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/25521"
        },
        {
          "name": "17966",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17966"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2416",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref[\u0027cookie_name\u0027]."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060513 SQL-Injection in e107 allows attacker to become a site admininstrator",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/433938/100/0/threaded"
            },
            {
              "name": "e107-cookie-sql-injection(26434)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26434"
            },
            {
              "name": "ADV-2006-1802",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1802"
            },
            {
              "name": "905",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/905"
            },
            {
              "name": "20089",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20089"
            },
            {
              "name": "25521",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/25521"
            },
            {
              "name": "17966",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17966"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2416",
    "datePublished": "2006-05-16T10:00:00",
    "dateReserved": "2006-05-15T00:00:00",
    "dateUpdated": "2024-08-07T17:51:04.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-2414 (GCVE-0-2009-2414)

Vulnerability from cvelistv5 – Published: 2009-08-11 18:00 – Updated: 2024-08-07 05:52

Summary

Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.ubuntu.com/usn/USN-815-1	vendor-advisoryx_refsource_UBUNTU
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://secunia.com/advisories/36631	third-party-advisoryx_refsource_SECUNIA
	http://www.networkworld.com/columnists/2009/08050…	x_refsource_MISC
	http://www.openoffice.org/security/cves/CVE-2009-…	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.vupen.com/english/advisories/2009/3217	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/37471	third-party-advisoryx_refsource_SECUNIA
	http://support.apple.com/kb/HT4225	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2009/2420	vdb-entryx_refsource_VUPEN
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
	http://secunia.com/advisories/36417	third-party-advisoryx_refsource_SECUNIA
	http://www.cert.fi/en/reports/2009/vulnerability2…	x_refsource_MISC
	http://www.codenomicon.com/labs/xml/	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://support.apple.com/kb/HT3949	x_refsource_CONFIRM
	http://www.mail-archive.com/debian-bugs-dist%40li…	mailing-listx_refsource_MLIST
	http://www.securityfocus.com/bid/36010	vdb-entryx_refsource_BID
	http://googlechromereleases.blogspot.com/2009/08/…	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/507985/100…	mailing-listx_refsource_BUGTRAQ
	https://git.gnome.org/browse/libxml2/commit/?id=4…	x_refsource_CONFIRM
	http://secunia.com/advisories/35036	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/36338	third-party-advisoryx_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://bugzilla.redhat.com/show_bug.cgi?id=515195	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2009/3184	vdb-entryx_refsource_VUPEN
	http://www.debian.org/security/2009/dsa-1859	vendor-advisoryx_refsource_DEBIAN
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://secunia.com/advisories/37346	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2009/3316	vdb-entryx_refsource_VUPEN
	http://support.apple.com/kb/HT3937	x_refsource_CONFIRM
	http://secunia.com/advisories/36207	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:14.941Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-815-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-815-1"
          },
          {
            "name": "FEDORA-2009-8491",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html"
          },
          {
            "name": "36631",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36631"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html"
          },
          {
            "name": "APPLE-SA-2009-11-11-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html"
          },
          {
            "name": "ADV-2009-3217",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3217"
          },
          {
            "name": "37471",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37471"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4225"
          },
          {
            "name": "ADV-2009-2420",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2420"
          },
          {
            "name": "FEDORA-2009-8580",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
          },
          {
            "name": "36417",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36417"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.codenomicon.com/labs/xml/"
          },
          {
            "name": "SUSE-SR:2009:015",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3949"
          },
          {
            "name": "[debian-bugs-dist] 20090810 Bug#540865: libxml2: CVE-2009-2414, CVE-2009-2416 pointer-user-after-free and stack overflow because of function recursion",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg678527.html"
          },
          {
            "name": "36010",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36010"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html"
          },
          {
            "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59"
          },
          {
            "name": "35036",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35036"
          },
          {
            "name": "36338",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36338"
          },
          {
            "name": "FEDORA-2009-8498",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html"
          },
          {
            "name": "oval:org.mitre.oval:def:8639",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8639"
          },
          {
            "name": "oval:org.mitre.oval:def:10129",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10129"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=515195"
          },
          {
            "name": "ADV-2009-3184",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3184"
          },
          {
            "name": "DSA-1859",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1859"
          },
          {
            "name": "APPLE-SA-2009-11-09-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
          },
          {
            "name": "APPLE-SA-2010-06-21-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
          },
          {
            "name": "37346",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37346"
          },
          {
            "name": "ADV-2009-3316",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3316"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3937"
          },
          {
            "name": "36207",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36207"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-08-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-815-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-815-1"
        },
        {
          "name": "FEDORA-2009-8491",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html"
        },
        {
          "name": "36631",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36631"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html"
        },
        {
          "name": "APPLE-SA-2009-11-11-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html"
        },
        {
          "name": "ADV-2009-3217",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3217"
        },
        {
          "name": "37471",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37471"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4225"
        },
        {
          "name": "ADV-2009-2420",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2420"
        },
        {
          "name": "FEDORA-2009-8580",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
        },
        {
          "name": "36417",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36417"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.codenomicon.com/labs/xml/"
        },
        {
          "name": "SUSE-SR:2009:015",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3949"
        },
        {
          "name": "[debian-bugs-dist] 20090810 Bug#540865: libxml2: CVE-2009-2414, CVE-2009-2416 pointer-user-after-free and stack overflow because of function recursion",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg678527.html"
        },
        {
          "name": "36010",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36010"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html"
        },
        {
          "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59"
        },
        {
          "name": "35036",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35036"
        },
        {
          "name": "36338",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36338"
        },
        {
          "name": "FEDORA-2009-8498",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html"
        },
        {
          "name": "oval:org.mitre.oval:def:8639",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8639"
        },
        {
          "name": "oval:org.mitre.oval:def:10129",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10129"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=515195"
        },
        {
          "name": "ADV-2009-3184",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3184"
        },
        {
          "name": "DSA-1859",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1859"
        },
        {
          "name": "APPLE-SA-2009-11-09-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
        },
        {
          "name": "APPLE-SA-2010-06-21-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
        },
        {
          "name": "37346",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37346"
        },
        {
          "name": "ADV-2009-3316",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3316"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3937"
        },
        {
          "name": "36207",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36207"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-2414",
    "datePublished": "2009-08-11T18:00:00",
    "dateReserved": "2009-07-09T00:00:00",
    "dateUpdated": "2024-08-07T05:52:14.941Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTA-2009-AVI-335

Description

Solution

CVE-2006-2416 (GCVE-0-2006-2416)

CVE-2009-2414 (GCVE-0-2009-2414)

Tags

Sightings

Nomenclature