CVE-2009-0689

CVSS V2: Medium 6.8; CVSS V3: None
Description
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Overview
  • CVE ID: CVE-2009-0689
  • Assigner: cret@cert.org
  • Vulnerability Status: Modified
  • Published Version: 2009-07-01T13:00:01
  • Last Modified Date: 2018-11-02T10:29:00
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:k-meleon_project:k-meleon:1.5.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:freebsd:freebsd:6.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:freebsd:freebsd:6.4:release:*:*:*:*:*:* 1 OR
cpe:2.3:o:freebsd:freebsd:6.4:release_p2:*:*:*:*:*:* 1 OR
cpe:2.3:o:freebsd:freebsd:6.4:release_p3:*:*:*:*:*:* 1 OR
cpe:2.3:o:freebsd:freebsd:6.4:release_p4:*:*:*:*:*:* 1 OR
cpe:2.3:o:freebsd:freebsd:6.4:release_p5:*:*:*:*:*:* 1 OR
cpe:2.3:o:freebsd:freebsd:6.4:stable:*:*:*:*:*:* 1 OR
cpe:2.3:o:freebsd:freebsd:7.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:freebsd:freebsd:7.2:pre-release:*:*:*:*:*:* 1 OR
cpe:2.3:o:freebsd:freebsd:7.2:stable:*:*:*:*:*:* 1 OR
cpe:2.3:o:netbsd:netbsd:5.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:openbsd:openbsd:4.5:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version: 2.0
  • Vector String: AV:N/AC:M/Au:N/C:P/I:P/A:P
  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
  • Base Score: 6.8
  • Severity: MEDIUM
  • Exploitability Score: 8.6
  • Impact Score: 6.4
References
Reference URL Reference Tags
http://www.securityfocus.com/bid/35510 Exploit Patch
http://securitytracker.com/id?1022478 Patch
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c Patch Vendor Advisory
http://securityreason.com/achievement_securityalert/63 Exploit
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h Patch
http://securityreason.com/achievement_securityalert/77
http://www.opera.com/support/kb/view/942/
http://www.redhat.com/support/errata/RHSA-2009-1601.html
http://securityreason.com/achievement_securityalert/72
http://www.vupen.com/english/advisories/2009/3297 Vendor Advisory
http://securityreason.com/achievement_securityalert/73
http://secunia.com/advisories/37683 Vendor Advisory
http://secunia.com/advisories/37431 Vendor Advisory
http://securityreason.com/achievement_securityalert/71
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
http://www.vupen.com/english/advisories/2009/3299 Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
http://secunia.com/advisories/37682 Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=516396
http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
https://bugzilla.mozilla.org/show_bug.cgi?id=516862
http://secunia.com/secunia_research/2009-35/ Vendor Advisory
http://securityreason.com/achievement_securityalert/78
http://www.vupen.com/english/advisories/2009/3334 Vendor Advisory
http://www.mozilla.org/security/announce/2009/mfsa2009-59.html Vendor Advisory
http://securityreason.com/achievement_securityalert/75
http://securityreason.com/achievement_securityalert/76
http://securityreason.com/achievement_securityalert/69
http://secunia.com/advisories/38066 Vendor Advisory
http://www.vupen.com/english/advisories/2010/0094 Vendor Advisory
http://securityreason.com/achievement_securityalert/81
http://secunia.com/advisories/39001 Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0153.html
http://www.redhat.com/support/errata/RHSA-2010-0154.html
http://www.vupen.com/english/advisories/2010/0650 Vendor Advisory
http://www.ubuntu.com/usn/USN-915-1
http://www.vupen.com/english/advisories/2010/0648 Vendor Advisory
http://secunia.com/advisories/38977 Vendor Advisory
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html Vendor Advisory
http://support.apple.com/kb/HT4077
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://support.apple.com/kb/HT4225
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
http://rhn.redhat.com/errata/RHSA-2014-0311.html
http://rhn.redhat.com/errata/RHSA-2014-0312.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9541
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6528
http://www.securityfocus.com/archive/1/508423/100/0/threaded
http://www.securityfocus.com/archive/1/508417/100/0/threaded
http://www.securityfocus.com/archive/1/507979/100/0/threaded
http://www.securityfocus.com/archive/1/507977/100/0/threaded
https://lists.debian.org/debian-lts-announce/2018/11/msg00001.html
History
Created Old Value New Value Data Type Notes
2022-05-10 17:54:06 Added to TrackCVE