Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-0689

Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.

Published

2009-07-01T13:00:01.360

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	k-meleon_project	k-meleon	1.5.3	Yes
Application	mozilla	firefox	3.0.1	Yes
Application	mozilla	firefox	3.0.2	Yes
Application	mozilla	firefox	3.0.3	Yes
Application	mozilla	firefox	3.0.4	Yes
Application	mozilla	firefox	3.0.5	Yes
Application	mozilla	firefox	3.0.6	Yes
Application	mozilla	firefox	3.0.7	Yes
Application	mozilla	firefox	3.0.8	Yes
Application	mozilla	firefox	3.0.9	Yes
Application	mozilla	firefox	3.0.10	Yes
Application	mozilla	firefox	3.0.11	Yes
Application	mozilla	firefox	3.0.12	Yes
Application	mozilla	firefox	3.0.13	Yes
Application	mozilla	firefox	3.0.14	Yes
Application	mozilla	firefox	3.5	Yes
Application	mozilla	firefox	3.5.1	Yes
Application	mozilla	firefox	3.5.2	Yes
Application	mozilla	firefox	3.5.3	Yes
Application	mozilla	seamonkey	1.1.8	Yes
Operating System	freebsd	freebsd	6.4	Yes
Operating System	freebsd	freebsd	6.4	Yes
Operating System	freebsd	freebsd	6.4	Yes
Operating System	freebsd	freebsd	6.4	Yes
Operating System	freebsd	freebsd	6.4	Yes
Operating System	freebsd	freebsd	6.4	Yes
Operating System	freebsd	freebsd	6.4	Yes
Operating System	freebsd	freebsd	7.2	Yes
Operating System	freebsd	freebsd	7.2	Yes
Operating System	freebsd	freebsd	7.2	Yes
Operating System	netbsd	netbsd	5.0	Yes
Operating System	openbsd	openbsd	4.5	Yes

References

http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h Patch ([email protected])
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html Vendor Advisory ([email protected])
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2014-0311.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2014-0312.html ([email protected])
http://secunia.com/advisories/37431 Vendor Advisory ([email protected])
http://secunia.com/advisories/37682 Vendor Advisory ([email protected])
http://secunia.com/advisories/37683 Vendor Advisory ([email protected])
http://secunia.com/advisories/38066 Vendor Advisory ([email protected])
http://secunia.com/advisories/38977 Vendor Advisory ([email protected])
http://secunia.com/advisories/39001 Vendor Advisory ([email protected])
http://secunia.com/secunia_research/2009-35/ Vendor Advisory ([email protected])
http://securityreason.com/achievement_securityalert/63 Exploit ([email protected])
http://securityreason.com/achievement_securityalert/69 ([email protected])
http://securityreason.com/achievement_securityalert/71 ([email protected])
http://securityreason.com/achievement_securityalert/72 ([email protected])
http://securityreason.com/achievement_securityalert/73 ([email protected])
http://securityreason.com/achievement_securityalert/75 ([email protected])
http://securityreason.com/achievement_securityalert/76 ([email protected])
http://securityreason.com/achievement_securityalert/77 ([email protected])
http://securityreason.com/achievement_securityalert/78 ([email protected])
http://securityreason.com/achievement_securityalert/81 ([email protected])
http://securitytracker.com/id?1022478 Patch ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1 ([email protected])
http://support.apple.com/kb/HT4077 ([email protected])
http://support.apple.com/kb/HT4225 ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2009:294 ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2009:330 ([email protected])
http://www.mozilla.org/security/announce/2009/mfsa2009-59.html Vendor Advisory ([email protected])
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c Patch, Vendor Advisory ([email protected])
http://www.opera.com/support/kb/view/942/ ([email protected])
http://www.redhat.com/support/errata/RHSA-2009-1601.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2010-0153.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2010-0154.html ([email protected])
http://www.securityfocus.com/archive/1/507977/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/507979/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/508417/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/508423/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/35510 Exploit, Patch ([email protected])
http://www.ubuntu.com/usn/USN-915-1 ([email protected])
http://www.vupen.com/english/advisories/2009/3297 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2009/3299 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2009/3334 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2010/0094 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2010/0648 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2010/0650 Vendor Advisory ([email protected])
https://bugzilla.mozilla.org/show_bug.cgi?id=516396 ([email protected])
https://bugzilla.mozilla.org/show_bug.cgi?id=516862 ([email protected])
https://lists.debian.org/debian-lts-announce/2018/11/msg00001.html ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6528 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9541 ([email protected])
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h Patch (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2014-0311.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2014-0312.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/37431 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/37682 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/37683 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/38066 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/38977 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/39001 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/secunia_research/2009-35/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/achievement_securityalert/63 Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/achievement_securityalert/69 (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/achievement_securityalert/71 (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/achievement_securityalert/72 (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/achievement_securityalert/73 (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/achievement_securityalert/75 (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/achievement_securityalert/76 (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/achievement_securityalert/77 (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/achievement_securityalert/78 (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/achievement_securityalert/81 (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1022478 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1 (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT4077 (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT4225 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2009:294 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2009:330 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mozilla.org/security/announce/2009/mfsa2009-59.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.opera.com/support/kb/view/942/ (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2009-1601.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-0153.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-0154.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/507977/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/507979/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/508417/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/508423/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/35510 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-915-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/3297 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/3299 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/3334 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/0094 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/0648 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/0650 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=516396 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=516862 (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2018/11/msg00001.html (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6528 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9541 (af854a3a-2127-422b-91ae-364da2661108)