CVE-2009-0689
Summary
| CVE | CVE-2009-0689 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-07-01 13:00:00 UTC |
| Updated | 2018-11-02 10:29:00 UTC |
| Description | Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Freebsd | Freebsd | 6.4 | All | All | All |
| Operating System | Freebsd | Freebsd | 6.4 | release | All | All |
| Operating System | Freebsd | Freebsd | 6.4 | release_p2 | All | All |
| Operating System | Freebsd | Freebsd | 6.4 | release_p3 | All | All |
| Operating System | Freebsd | Freebsd | 6.4 | release_p4 | All | All |
| Operating System | Freebsd | Freebsd | 6.4 | release_p5 | All | All |
| Operating System | Freebsd | Freebsd | 6.4 | stable | All | All |
| Operating System | Freebsd | Freebsd | 7.2 | All | All | All |
| Operating System | Freebsd | Freebsd | 7.2 | pre-release | All | All |
| Operating System | Freebsd | Freebsd | 7.2 | stable | All | All |
| Operating System | Freebsd | Freebsd | 6.4 | All | All | All |
| Operating System | Freebsd | Freebsd | 6.4 | release | All | All |
| Operating System | Freebsd | Freebsd | 6.4 | release_p2 | All | All |
| Operating System | Freebsd | Freebsd | 6.4 | release_p3 | All | All |
| Operating System | Freebsd | Freebsd | 6.4 | release_p4 | All | All |
| Operating System | Freebsd | Freebsd | 6.4 | release_p5 | All | All |
| Operating System | Freebsd | Freebsd | 6.4 | stable | All | All |
| Operating System | Freebsd | Freebsd | 7.2 | All | All | All |
| Operating System | Freebsd | Freebsd | 7.2 | pre-release | All | All |
| Operating System | Freebsd | Freebsd | 7.2 | stable | All | All |
| Application | K-meleon Project | K-meleon | 1.5.3 | All | All | All |
| Application | K-meleon Project | K-meleon | 1.5.3 | All | All | All |
| Application | Mozilla | Firefox | 3.0.1 | All | All | All |
| Application | Mozilla | Firefox | 3.0.10 | All | All | All |
| Application | Mozilla | Firefox | 3.0.11 | All | All | All |
| Application | Mozilla | Firefox | 3.0.12 | All | All | All |
| Application | Mozilla | Firefox | 3.0.13 | All | All | All |
| Application | Mozilla | Firefox | 3.0.14 | All | All | All |
| Application | Mozilla | Firefox | 3.0.2 | All | All | All |
| Application | Mozilla | Firefox | 3.0.3 | All | All | All |
| Application | Mozilla | Firefox | 3.0.4 | All | All | All |
| Application | Mozilla | Firefox | 3.0.5 | All | All | All |
| Application | Mozilla | Firefox | 3.0.6 | All | All | All |
| Application | Mozilla | Firefox | 3.0.7 | All | All | All |
| Application | Mozilla | Firefox | 3.0.8 | All | All | All |
| Application | Mozilla | Firefox | 3.0.9 | All | All | All |
| Application | Mozilla | Firefox | 3.5 | All | All | All |
| Application | Mozilla | Firefox | 3.5.1 | All | All | All |
| Application | Mozilla | Firefox | 3.5.2 | All | All | All |
| Application | Mozilla | Firefox | 3.5.3 | All | All | All |
| Application | Mozilla | Firefox | 3.0.1 | All | All | All |
| Application | Mozilla | Firefox | 3.0.10 | All | All | All |
| Application | Mozilla | Firefox | 3.0.11 | All | All | All |
| Application | Mozilla | Firefox | 3.0.12 | All | All | All |
| Application | Mozilla | Firefox | 3.0.13 | All | All | All |
| Application | Mozilla | Firefox | 3.0.14 | All | All | All |
| Application | Mozilla | Firefox | 3.0.2 | All | All | All |
| Application | Mozilla | Firefox | 3.0.3 | All | All | All |
| Application | Mozilla | Firefox | 3.0.4 | All | All | All |
| Application | Mozilla | Firefox | 3.0.5 | All | All | All |
| Application | Mozilla | Firefox | 3.0.6 | All | All | All |
| Application | Mozilla | Firefox | 3.0.7 | All | All | All |
| Application | Mozilla | Firefox | 3.0.8 | All | All | All |
| Application | Mozilla | Firefox | 3.0.9 | All | All | All |
| Application | Mozilla | Firefox | 3.5 | All | All | All |
| Application | Mozilla | Firefox | 3.5.1 | All | All | All |
| Application | Mozilla | Firefox | 3.5.2 | All | All | All |
| Application | Mozilla | Firefox | 3.5.3 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.8 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.8 | All | All | All |
| Operating System | Netbsd | Netbsd | 5.0 | All | All | All |
| Operating System | Netbsd | Netbsd | 5.0 | All | All | All |
| Operating System | Openbsd | Openbsd | 4.5 | All | All | All |
| Operating System | Openbsd | Openbsd | 4.5 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 272909 | SUNALERT | sunsolve.sun.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Opera 10.01 Remote Array Overrun (Arbitrary code execution) ( Research Advisory ) - SecurityReason.com | SREASONRES | securityreason.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Vendor Advisory |
| CVS log for src/lib/libc/gdtoa/gdtoaimp.h | CONFIRM | cvsweb.netbsd.org | Patch |
| Mozilla Thunderbird Floating Point Parsing Memory Corruption - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| CVS log for src/lib/libc/gdtoa/misc.c | CONFIRM | www.openbsd.org | Patch, Vendor Advisory |
| Multiple BSD printf(1) and multiple dtoa/*printf(3) vulnerabilities ( Research Advisory ) - SecurityReason.com | SREASONRES | securityreason.com | |
| Advisory: Heap buffer overflow in string to number conversion - Opera Knowledge Base | CONFIRM | www.opera.com | |
| Webmail - OVH | VUPEN | www.vupen.com | Vendor Advisory |
| Opera Floating Point Number Processing Memory Corruption - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| SecurityTracker.com Archives - libc gdtoa Array Overrun May Let Remote or Local Users Execute Arbitrary Code | SECTRACK | securitytracker.com | Patch |
| Apple Mac OS X "strtod()" Floating Point Parsing Memory Corruption - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Thunderbird 2.0.0.23 (lib) Remote Array Overrun (Arbitrary code execution) ( Research Advisory ) - SecurityReason.com | SREASONRES | securityreason.com | |
| Support / Security / Advisories / / MDVSA-2009:330 | Mandriva | MANDRIVA | www.mandriva.com | |
| USN-915-1: Thunderbird vulnerabilities | Ubuntu | UBUNTU | www.ubuntu.com | |
| Sunbird Floating Point Parsing Memory Corruption Vulnerability - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Webmail - OVH | VUPEN | www.vupen.com | Vendor Advisory |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Camino 1.6.10 Remote Array Overrun (Arbitrary code execution) ( Research Advisory ) - SecurityReason.com | SREASONRES | securityreason.com | |
| Support | REDHAT | www.redhat.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Sunbird 0.9 Array Overrun (code execution) ( Research Advisory ) - SecurityReason.com | SREASONRES | securityreason.com | |
| About the security content of iOS 4 | CONFIRM | support.apple.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Ubuntu update for thunderbird - Advisories - Community | SECUNIA | secunia.com | Vendor Advisory |
| Support | Red Hat | REDHAT | www.redhat.com | |
| Support | REDHAT | www.redhat.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Vendor Advisory |
| APPLE-SA-2010-03-29-1 Security Update 2010-002 / Mac OS X v10.6.3 | APPLE | lists.apple.com | Vendor Advisory |
| Flock 2.5.2 Remote Array Overrun (Arbitrary code execution) ( Research Advisory ) - SecurityReason.com | SREASONRES | securityreason.com | |
| MacOS X 10.5/10.6 libc/strtod(3) buffer overflow ( Research Advisory ) - SecurityReason.com | SREASONRES | securityreason.com | |
| APPLE-SA-2010-06-21-1 iOS 4 | APPLE | lists.apple.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Vendor Advisory |
| SeaMonkey 1.1.8 Remote Array Overrun (Arbitrary code execution) ( Research Advisory ) - SecurityReason.com | SREASONRES | securityreason.com | |
| About Secunia Research | Flexera | MISC | secunia.com | Vendor Advisory |
| MFSA 2009-59: Heap buffer overflow in string to number conversion | CONFIRM | www.mozilla.org | Vendor Advisory |
| [security-announce] SUSE Security Summary Report: SUSE-SR:2009:018 | SUSE | lists.opensuse.org | |
| K-Meleon 1.5.3 Remote Array Overrun (Arbitrary code execution) ( Research Advisory ) - SecurityReason.com | SREASONRES | securityreason.com | |
| Multiple Vendors libc/gdtoa printf(3) Array Overrun ( Research Advisory ) - SecurityReason.com | SREASONRES | securityreason.com | Exploit |
| Mozilla SeaMonkey Multiple Vulnerabilities - Advisories - Community | SECUNIA | secunia.com | Vendor Advisory |
| Support / Security / Advisories / / MDVSA-2009:294 | Mandriva | MANDRIVA | www.mandriva.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| [security-announce] SUSE Security Summary Report: SUSE-SR:2010:013 | SUSE | lists.opensuse.org | |
| 516862 – Array indexing error in js/src/dtoa.c's Balloc() leads to floating point memory vulnerability (SA36711) | CONFIRM | bugzilla.mozilla.org | |
| [SECURITY] [DLA 1564-1] mono security update | MLIST | lists.debian.org | |
| Multiple BSD Distributions 'gdtoa/misc.c' Memory Corruption Vulnerability | BID | www.securityfocus.com | Exploit, Patch |
| About the security content of Security Update 2010-002 / Mac OS X v10.6.3 | CONFIRM | support.apple.com | |
| 516396 – (CVE-2009-0689) Array indexing error in NSPR's Balloc() leads to floating point memory vulnerability (SA36711) | CONFIRM | bugzilla.mozilla.org | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.