CVE-2004-0989

Publication date 1 March 2005

Last updated 17 July 2025

Ubuntu priority

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libxml	7.04 feisty	Fixed 1.8.17-12
	6.10 edgy	Fixed 1.8.17-12
	6.06 LTS dapper	Fixed 1.8.17-12
libxml2	7.04 feisty	Fixed 2.6.24.dfsg-1ubuntu1
	6.10 edgy	Fixed 2.6.24.dfsg-1ubuntu1
	6.06 LTS dapper	Fixed 2.6.24.dfsg-1ubuntu1

References

Related Ubuntu Security Notices (USN)

USN-89-1
XML library vulnerabilities
28 February 2005

Other references

https://www.cve.org/CVERecord?id=CVE-2004-0989