Уязвимость CVE-2009-0689: Информация

Описание

Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.

Важность: MEDIUM (6,8)

Ссылки на рекомендации, решения и инструменты

1. Подверженные конфигурации:

   1. Конфигурация 1

      cpe:2.3:o:freebsd:freebsd:6.4:release_p2:*:*:*:*:*:*

      ---

      cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:freebsd:freebsd:6.4:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:freebsd:freebsd:6.4:release_p5:*:*:*:*:*:*

      ---

      cpe:2.3:o:netbsd:netbsd:5.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:k-meleon_project:k-meleon:1.5.3:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:freebsd:freebsd:6.4:release:*:*:*:*:*:*

      ---

      cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:freebsd:freebsd:6.4:stable:*:*:*:*:*:*

      ---

      cpe:2.3:o:freebsd:freebsd:6.4:release_p4:*:*:*:*:*:*

      ---

      cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:openbsd:openbsd:4.5:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:freebsd:freebsd:7.2:pre-release:*:*:*:*:*:*

      ---

      cpe:2.3:o:freebsd:freebsd:7.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:freebsd:freebsd:6.4:release_p3:*:*:*:*:*:*

      ---

      cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:freebsd:freebsd:7.2:stable:*:*:*:*:*:*

      ---

      cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*

      ---