VYPR
Unrated severityNVD Advisory· Published Mar 1, 2005· Updated Jun 16, 2026

CVE-2004-0989

CVE-2004-0989

Description

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

17
  • Xmlsoft/Libxml211 versions
    cpe:2.3:a:xmlsoft:libxml:1.8.17:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:xmlsoft:libxml:1.8.17:*:*:*:*:*:*:*
    • cpe:2.3:a:xmlsoft:libxml2:2.5.11:*:*:*:*:*:*:*
    • cpe:2.3:a:xmlsoft:libxml2:2.6.11:*:*:*:*:*:*:*
    • cpe:2.3:a:xmlsoft:libxml2:2.6.12:*:*:*:*:*:*:*
    • cpe:2.3:a:xmlsoft:libxml2:2.6.13:*:*:*:*:*:*:*
    • cpe:2.3:a:xmlsoft:libxml2:2.6.14:*:*:*:*:*:*:*
    • cpe:2.3:a:xmlsoft:libxml2:2.6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:xmlsoft:libxml2:2.6.7:*:*:*:*:*:*:*
    • cpe:2.3:a:xmlsoft:libxml2:2.6.8:*:*:*:*:*:*:*
    • cpe:2.3:a:xmlsoft:libxml2:2.6.9:*:*:*:*:*:*:*
    • (no CPE)range: 2.6.12, 2.6.13
  • cpe:2.3:a:xmlstarlet:command_line_xml_toolkit:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
  • cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
    • cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
  • Ubuntu/Linux2 versions
    cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*+ 1 more
    • cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
    • cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*

Patches

Vulnerability mechanics

References

22

News mentions

0

No linked articles in our index yet.