{ "containers": { "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-08-10T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "USN-815-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-815-1" }, { "name": "FEDORA-2009-8491", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html" }, { "name": "36631", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36631" }, { "name": "oval:org.mitre.oval:def:9262", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9262" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=515205" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html" }, { "name": "APPLE-SA-2009-11-11-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html" }, { "name": "ADV-2009-3217", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3217" }, { "name": "37471", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37471" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4225" }, { "name": "ADV-2009-2420", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2420" }, { "name": "FEDORA-2009-8580", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "name": "36417", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36417" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.codenomicon.com/labs/xml/" }, { "name": "SUSE-SR:2009:015", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3949" }, { "name": "[debian-bugs-dist] 20090810 Bug#540865: libxml2: CVE-2009-2414, CVE-2009-2416 pointer-user-after-free and stack overflow because of function recursion", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg678527.html" }, { "name": "36010", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36010" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html" }, { "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59" }, { "name": "35036", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35036" }, { "name": "36338", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36338" }, { "name": "FEDORA-2009-8498", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html" }, { "name": "oval:org.mitre.oval:def:7783", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7783" }, { "name": "ADV-2009-3184", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3184" }, { "name": "DSA-1859", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1859" }, { "name": "APPLE-SA-2009-11-09-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" }, { "name": "APPLE-SA-2010-06-21-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" }, { "name": "37346", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37346" }, { "name": "ADV-2009-3316", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3316" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3937" }, { "name": "36207", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36207" } ] }, "adp": [ { "providerMetadata": { "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:52:14.792Z" }, "title": "CVE Program Container", "references": [ { "name": "USN-815-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-815-1" }, { "name": "FEDORA-2009-8491", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html" }, { "name": "36631", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36631" }, { "name": "oval:org.mitre.oval:def:9262", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9262" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=515205" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html" }, { "name": "APPLE-SA-2009-11-11-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html" }, { "name": "ADV-2009-3217", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3217" }, { "name": "37471", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37471" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4225" }, { "name": "ADV-2009-2420", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2420" }, { "name": "FEDORA-2009-8580", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" }, { "name": "36417", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36417" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.codenomicon.com/labs/xml/" }, { "name": "SUSE-SR:2009:015", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3949" }, { "name": "[debian-bugs-dist] 20090810 Bug#540865: libxml2: CVE-2009-2414, CVE-2009-2416 pointer-user-after-free and stack overflow because of function recursion", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg678527.html" }, { "name": "36010", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36010" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html" }, { "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59" }, { "name": "35036", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35036" }, { "name": "36338", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36338" }, { "name": "FEDORA-2009-8498", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html" }, { "name": "oval:org.mitre.oval:def:7783", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7783" }, { "name": "ADV-2009-3184", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3184" }, { "name": "DSA-1859", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1859" }, { "name": "APPLE-SA-2009-11-09-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" }, { "name": "APPLE-SA-2010-06-21-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html" }, { "name": "37346", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37346" }, { "name": "ADV-2009-3316", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3316" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3937" }, { "name": "36207", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36207" } ] }, { "problemTypes": [ { "descriptions": [ { "type": "CWE", "cweId": "CWE-416", "lang": "en", "description": "CWE-416 Use After Free" } ] } ], "metrics": [ { "cvssV3_1": { "scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE" } }, { "other": { "type": "ssvc", "content": { "timestamp": "2024-02-06T15:40:41.228438Z", "id": "CVE-2009-2416", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-21T15:30:42.200Z" } } ] }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-2416", "datePublished": "2009-08-11T18:00:00.000Z", "dateReserved": "2009-07-09T00:00:00.000Z", "dateUpdated": "2025-01-21T15:30:42.200Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }