Vulnerability CVE-2009-0689


Published: 2009-07-01   Modified: 2012-02-13

Description:
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.

See advisories in our WLB2 database:
| Risk | Topic | Author | Date |
|------|-------|--------|------|
| High | Multiple Vendors libc/gdtoa printf(3) Array Overrun | Maksymilian Arci... | 27.06.2009 |
| High | K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution) | Maksymilian Arci... | 24.11.2009 |
| High | KDE KDELibs 4.3.3 Remote Array Overrun (Arbitrary code execution) | Maksymilian Arci... | 24.11.2009 |
| High | Opera 10.01 Remote Array Overrun (Arbitrary code execution) | Maksymilian Arci... | 24.11.2009 |
| High | SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution) | Maksymilian Arci... | 20.11.2009 |
| High | Flock 2.5.2 Remote Array Overrun (Arbitrary code execution) | Maksymilian Arci... | 14.12.2009 |
| High | Camino 1.6.10 Remote Array Overrun (Arbitrary code execution) | Maksymilian Arci... | 14.12.2009 |
| High | Sunbird 0.9 Array Overrun (code execution) | Maksymilian Arci... | 14.12.2009 |
| High | Thunderbird 2.0.0.23 (lib) Remote Array Overrun (Arbitrary code execution) | Maksymilian Arci... | 14.12.2009 |
| High | J 6.02.023 Array Overrun (code execution) | Maksymilian Arci... | 08.01.2010 |
| High | Matlab R2009b Array Overrun (code execution) | Maksymilian Arci... | 08.01.2010 |
| High | MacOS X 10.5/10.6 libc/strtod(3) buffer overflow | Maksymilian Arci... | 08.01.2010 |

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Openbsd -> Openbsd 
Netbsd -> Netbsd 
Mozilla -> Firefox 
Mozilla -> Seamonkey 
K-meleon project -> K-meleon 
Freebsd -> Freebsd 

References:
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://rhn.redhat.com/errata/RHSA-2014-0311.html
http://rhn.redhat.com/errata/RHSA-2014-0312.html
http://securityreason.com/achievement_securityalert/63
http://securityreason.com/achievement_securityalert/69
http://securityreason.com/achievement_securityalert/71
http://securityreason.com/achievement_securityalert/72
http://securityreason.com/achievement_securityalert/73
http://securityreason.com/achievement_securityalert/75
http://securityreason.com/achievement_securityalert/76
http://securityreason.com/achievement_securityalert/77
http://securityreason.com/achievement_securityalert/78
http://securityreason.com/achievement_securityalert/81
http://securitytracker.com/id?1022478
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
http://support.apple.com/kb/HT4077
http://support.apple.com/kb/HT4225
http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
http://www.mozilla.org/security/announce/2009/mfsa2009-59.html
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c
http://www.opera.com/support/kb/view/942/
http://www.redhat.com/support/errata/RHSA-2009-1601.html
http://www.redhat.com/support/errata/RHSA-2010-0153.html
http://www.redhat.com/support/errata/RHSA-2010-0154.html
http://www.securityfocus.com/archive/1/507977/100/0/threaded
http://www.securityfocus.com/archive/1/507979/100/0/threaded
http://www.securityfocus.com/archive/1/508417/100/0/threaded
http://www.securityfocus.com/archive/1/508423/100/0/threaded
http://www.securityfocus.com/bid/35510
http://www.ubuntu.com/usn/USN-915-1
http://www.vupen.com/english/advisories/2009/3297
http://www.vupen.com/english/advisories/2009/3299
http://www.vupen.com/english/advisories/2009/3334
http://www.vupen.com/english/advisories/2010/0094
http://www.vupen.com/english/advisories/2010/0648
http://www.vupen.com/english/advisories/2010/0650
https://bugzilla.mozilla.org/show_bug.cgi?id=516396
https://bugzilla.mozilla.org/show_bug.cgi?id=516862
https://lists.debian.org/debian-lts-announce/2018/11/msg00001.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6528
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9541

Copyright 2021, cxsecurity.com