Unrated severityNVD Advisory· Published Mar 1, 2005· Updated Apr 16, 2026

CVE-2004-0989

Description

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

Affected products

Xmlsoft/Libxml
cpe:2.3:a:xmlsoft:libxml:1.8.17:*:*:*:*:*:*:*
Xmlsoft/Libxml29 versions
cpe:2.3:a:xmlsoft:libxml2:2.5.11:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:xmlsoft:libxml2:2.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.12:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.13:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.14:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.6.9:*:*:*:*:*:*:*
Xmlstarlet/Command Line Xml Toolkit
cpe:2.3:a:xmlstarlet:command_line_xml_toolkit:0.9.1:*:*:*:*:*:*:*
Red Hat/Fedora Core
cpe:2.3:o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
Trustix/Secure Linux2 versions
cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
Ubuntu/Linux2 versions
cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*+ 1 more
- cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
- cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.019
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000