FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-2414

This CVE name corresponds to:

Entered: 2011-11-10
Topic: libxml -- Stack consumption vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2009-2414
Phase: Assigned (20090709)

Description

Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service (application crash) via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the Codenomicon XML fuzzing framework.

References

Source Reference
BUGTRAQ 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
MLIST [debian-bugs-dist] 20090810 Bug#540865: libxml2: CVE-2009-2414, CVE-2009-2416 pointer-user-after-free and stack overflow because of function recursion
MISC http://www.cert.fi/en/reports/2009/vulnerability2009085.html
MISC http://www.codenomicon.com/labs/xml/
MISC http://www.networkworld.com/columnists/2009/080509-xml-flaw.html
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=515195
CONFIRM http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html
CONFIRM http://support.apple.com/kb/HT3937
CONFIRM http://support.apple.com/kb/HT3949
CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0016.html
CONFIRM http://support.apple.com/kb/HT4225
CONFIRM http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html
CONFIRM https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59
APPLE APPLE-SA-2009-11-09-1
APPLE APPLE-SA-2009-11-11-1
APPLE APPLE-SA-2010-06-21-1
DEBIAN DSA-1859
FEDORA FEDORA-2009-8491
FEDORA FEDORA-2009-8498
FEDORA FEDORA-2009-8580
SUSE SUSE-SR:2009:015
UBUNTU USN-815-1
BID 36010
OVAL oval:org.mitre.oval:def:10129
OVAL oval:org.mitre.oval:def:8639
SECUNIA 36338
SECUNIA 36207
SECUNIA 36417
SECUNIA 37471
SECUNIA 37346
SECUNIA 35036
SECUNIA 36631
VUPEN ADV-2009-2420
VUPEN ADV-2009-3184
VUPEN ADV-2009-3316
VUPEN ADV-2009-3217