MidnightBSD

Advisories for xmlstarlet

CVE-2004-0989 HIGH

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor      Product                   Version
xmlsoft     libxml2                   2.6.12
xmlsoft     libxml2                   2.5.11
xmlsoft     libxml2                   2.6.9
xmlsoft     libxml2                   2.6.6
trustix     secure_linux              2.1
xmlsoft     libxml2                   2.6.14
redhat      fedora_core               core_2.0
xmlsoft     libxml2                   2.6.11
xmlsoft     libxml2                   2.6.8
xmlsoft     libxml                    1.8.17
xmlsoft     libxml2                   2.6.13
ubuntu      ubuntu_linux              4.1
trustix     secure_linux              2.0
xmlstarlet  command_line_xml_toolkit  0.9.1
xmlsoft     libxml2                   2.6.7

CVE-2004-2159 HIGH

Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 have unknown impact and attack vectors via (1) xml_elem.c and (2) xml_select.c.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor      Product                   Version
xmlstarlet  command_line_xml_toolkit  0.9.3

CVE-2004-2160 MEDIUM

Format string vulnerability in xml_elem.c for XMLStarlet Command Line XML Toolkit 0.9.3 may allow attackers to cause a denial of service or execute arbitrary code.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor      Product                   Version
xmlstarlet  command_line_xml_toolkit  0.9.3