FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libxml2 stack buffer overflow in URI parsing

Affected packages
libxml2 < 2.6.6


VuXML ID 847ade05-6717-11d8-b321-000a95bc6fae
Discovery 2004-02-08
Entry 2004-02-25

Yuuichi Teranishi reported a crash in libxml2's URI handling when a long URL is supplied. The implementation in nanohttp.c and nanoftp.c uses a 4K stack buffer, and longer URLs will overwrite the stack. This could result in denial-of-service or arbitrary code execution in applications using libxml2 to parse documents.


CVE Name CVE-2004-0110