{ "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2009-0689", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h", "refsource": "CONFIRM", "url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h" }, { "name": "http://secunia.com/secunia_research/2009-35/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2009-35/" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=516862", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=516862" }, { "name": "20090625 Multiple Vendors libc/gdtoa printf(3) Array Overrun", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/63" }, { "name": "20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/507979/100/0/threaded" }, { "name": "20091211 Thunderbird 2.0.0.23 (lib) Remote Array Overrun (Arbitrary code execution)", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/78" }, { "name": "RHSA-2010:0153", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0153.html" }, { "name": "20091211 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/75" }, { "name": "MDVSA-2009:330", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330" }, { "name": "39001", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39001" }, { "name": "SUSE-SR:2009:018", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" }, { "name": "20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/507977/100/0/threaded" }, { "name": "http://support.apple.com/kb/HT4225", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4225" }, { "name": "20091120 Opera 10.01 Remote Array Overrun (Arbitrary code execution)", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/73" }, { "name": "20091120 K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution)", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/72" }, { "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-59.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-59.html" }, { "name": "ADV-2010-0094", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0094" }, { "name": "ADV-2010-0648", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0648" }, { "name": "ADV-2010-0650", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0650" }, { "name": "272909", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1" }, { "name": "ADV-2009-3299", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3299" }, { "name": "RHSA-2009:1601", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2009-1601.html" }, { "name": "20091210 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/508423/100/0/threaded" }, { "name": "APPLE-SA-2010-03-29-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "name": "[debian-lts-announce] 20181101 [SECURITY] [DLA 1564-1] mono security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00001.html" }, { "name": "SUSE-SR:2010:013", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" }, { "name": "RHSA-2014:0312", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0312.html" }, { "name": "37683", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37683" }, { "name": "38977", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38977" }, { "name": "http://www.opera.com/support/kb/view/942/", "refsource": "CONFIRM", "url": "http://www.opera.com/support/kb/view/942/" }, { "name": "20091030 Multiple BSD printf(1) and multiple dtoa/*printf(3) vulnerabilities", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/69" }, { "name": "RHSA-2010:0154", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0154.html" }, { "name": "http://support.apple.com/kb/HT4077", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4077" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=516396", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=516396" }, { "name": "oval:org.mitre.oval:def:6528", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6528" }, { "name": "37682", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37682" }, { "name": "oval:org.mitre.oval:def:9541", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9541" }, { "name": "38066", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38066" }, { "name": "USN-915-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-915-1" }, { "name": "20091210 Flock 2.5.2 Remote Array Overrun (Arbitrary code execution)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/508417/100/0/threaded" }, { "name": "RHSA-2014:0311", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0311.html" }, { "name": "ADV-2009-3297", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3297" }, { "name": "20091211 Camino 1.6.10 Remote Array Overrun (Arbitrary code execution)", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/76" }, { "name": "37431", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37431" }, { "name": "20100108 MacOS X 10.5/10.6 libc/strtod(3) buffer overflow", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/81" }, { "name": "20091120 SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution)", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/71" }, { "name": "1022478", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1022478" }, { "name": "APPLE-SA-2010-06-21-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" }, { "name": "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c", "refsource": "CONFIRM", "url": "http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c" }, { "name": "ADV-2009-3334", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3334" }, { "name": "20091211 Sunbird 0.9 Array Overrun (code execution)", "refsource": "SREASONRES", "url": "http://securityreason.com/achievement_securityalert/77" }, { "name": "MDVSA-2009:294", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:294" }, { "name": "35510", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35510" } ] } }