Vulnerability CVE-2009-0689

Vulnerability CVE-2009-0689

Published: 2009-07-01 Modified: 2012-02-13

Description:

Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.

See advisories in our WLB2 database:

	Topic	Author	Date
High	Multiple Vendors libc/gdtoa printf(3) Array Overrun	Maksymilian Arci...	27.06.2009
High	K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)	Maksymilian Arci...	24.11.2009
High	KDE KDELibs 4.3.3 Remote Array Overrun (Arbitrary code execution)	Maksymilian Arci...	24.11.2009
High	Opera 10.01 Remote Array Overrun (Arbitrary code execution)	Maksymilian Arci...	24.11.2009
High	SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)	Maksymilian Arci...	20.11.2009
High	Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)	Maksymilian Arci...	14.12.2009
High	Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)	Maksymilian Arci...	14.12.2009
High	Sunbird 0.9 Array Overrun (code execution)	Maksymilian Arci...	14.12.2009
High	Thunderbird 2.0.0.23 (lib) Remote Array Overrun (Arbitrary code execution)	Maksymilian Arci...	14.12.2009
High	J 6.02.023 Array Overrun (code execution)	Maksymilian Arci...	08.01.2010
High	Matlab R2009b Array Overrun (code execution)	Maksymilian Arci...	08.01.2010
High	MacOS X 10.5/10.6 libc/strtod(3) buffer overflow	Maksymilian Arci...	08.01.2010

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.8/10	6.4/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Openbsd -> Openbsd
Netbsd -> Netbsd
Mozilla -> Firefox
Mozilla -> Seamonkey
K-meleon project -> K-meleon
Freebsd -> Freebsd

References:

http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html

http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

http://rhn.redhat.com/errata/RHSA-2014-0311.html

http://rhn.redhat.com/errata/RHSA-2014-0312.html

http://securityreason.com/achievement_securityalert/63

http://securityreason.com/achievement_securityalert/69

http://securityreason.com/achievement_securityalert/71

http://securityreason.com/achievement_securityalert/72

http://securityreason.com/achievement_securityalert/73

http://securityreason.com/achievement_securityalert/75

http://securityreason.com/achievement_securityalert/76

http://securityreason.com/achievement_securityalert/77

http://securityreason.com/achievement_securityalert/78

http://securityreason.com/achievement_securityalert/81

http://securitytracker.com/id?1022478

http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1

http://support.apple.com/kb/HT4077

http://support.apple.com/kb/HT4225

http://www.mandriva.com/security/advisories?name=MDVSA-2009:294

http://www.mandriva.com/security/advisories?name=MDVSA-2009:330

http://www.mozilla.org/security/announce/2009/mfsa2009-59.html

http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c

http://www.opera.com/support/kb/view/942/

http://www.redhat.com/support/errata/RHSA-2009-1601.html

http://www.redhat.com/support/errata/RHSA-2010-0153.html

http://www.redhat.com/support/errata/RHSA-2010-0154.html

http://www.securityfocus.com/archive/1/507977/100/0/threaded

http://www.securityfocus.com/archive/1/507979/100/0/threaded

http://www.securityfocus.com/archive/1/508417/100/0/threaded

http://www.securityfocus.com/archive/1/508423/100/0/threaded

http://www.securityfocus.com/bid/35510

http://www.ubuntu.com/usn/USN-915-1

http://www.vupen.com/english/advisories/2009/3297

http://www.vupen.com/english/advisories/2009/3299

http://www.vupen.com/english/advisories/2009/3334

http://www.vupen.com/english/advisories/2010/0094

http://www.vupen.com/english/advisories/2010/0648

http://www.vupen.com/english/advisories/2010/0650

https://bugzilla.mozilla.org/show_bug.cgi?id=516396

https://bugzilla.mozilla.org/show_bug.cgi?id=516862

https://lists.debian.org/debian-lts-announce/2018/11/msg00001.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6528

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9541

Vulnerability CVE-2009-0689

See advisories in our WLB2 database:

High

High

High

High

High

High

High

High

High

High

High

High

CWE-119

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

6.8/10

6.4/10

8.6/10

Remote

Medium

No required

Partial

Partial

Partial

Affected software

References: