{"vuid":"VU#493966","idnumber":"493966","name":"Libxml2 URI parsing errors in nanohttp and nanoftp","keywords":["Libxml2","buffer overflow","URI","nanohttp","nanoftp","gnome-xml","XPath","XPointer","xmllint","libxml"],"overview":"Libxml is the XML parser for Gnome, a desktop suite and development platform for Linux systems. Libxml2, the latest version of the library as of this writing, has a buffer overflow vulnerability which may allow execution of arbitrary code.","clean_desc":"Gnome, a desktop suite and development platform for Linux systems, uses Libxml as an XML parser to handle encoding and decoding of URI strings (this is part of the GNOME XML Toolkit). The Libxml2 release of Libxml prior to version 2.6.6 (published Feb 12 2004) contains a buffer overflow vulnerability when parsing URI strings in XML-structured files. If the URI is over 4096 bytes, it may be possible to crash software using a vulnerable version of Libxml2.","impact":"The complete impact of this vulnerability is not yet known. It is reported to cause a SEGV in software using a vulnerable version of Libxml2.","resolution":"Update to Libxml2 version 2.6.6 or later at http://www.xmlsoft.org/downloads.html","workarounds":"","sysaffected":"","thanks":"Thanks to Yuuichi Teranishi for finding this vulnerability.","author":"This document was written by Jeffrey S. Havrilla.","public":["http://mail.gnome.org/archives/xml/2004-February/msg00070.html","http://www.gnome.org/softwaremap/projects/libxml","http://www.xmlsoft.org/news.html","http://www.xmlsoft.org/downloads.html","http://secunia.com/advisories/10958/","http://www.securityfocus.com/bid/9718","http://xforce.iss.net/xforce/xfdb/15301","http://xforce.iss.net/xforce/xfdb/15302","http://www.ciac.org/ciac/bulletins/o-086.shtml","http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0110"],"cveids":["CVE-2004-0110"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-02-25T19:34:17Z","publicdate":"2004-02-12T00:00:00Z","datefirstpublished":"2004-03-09T16:25:42Z","dateupdated":"2004-03-09T20:04:07Z","revision":9,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.0,"vulnote":null}