{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"critical"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2004-0989","title":"Title"},{"category":"description","text":"Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2004-0989","url":"https://www.suse.com/security/cve/CVE-2004-0989"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 62670 for CVE-2004-0989","url":"https://bugzilla.suse.com/62670"},{"category":"external","summary":"SUSE Bug 64362 for CVE-2004-0989","url":"https://bugzilla.suse.com/64362"},{"category":"external","summary":"Advisory link for SUSE-SA:2004:040","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QPUVV23W53DAOCPMS4AUPK4KE3CRURRK/#QPUVV23W53DAOCPMS4AUPK4KE3CRURRK"},{"category":"external","summary":"Advisory link for SUSE-SR:2005:001","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RB6TW2F2XPWGXOQ7IMXK6STBK2JOW6CU/#RB6TW2F2XPWGXOQ7IMXK6STBK2JOW6CU"}],"title":"SUSE CVE CVE-2004-0989","tracking":{"current_release_date":"2023-12-09T03:44:28Z","generator":{"date":"2023-02-15T06:20:07Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2004-0989","initial_release_date":"2023-02-15T06:20:07Z","revision_history":[{"date":"2023-02-15T06:20:07Z","number":"2","summary":"Current version"},{"date":"2023-12-08T05:22:55Z","number":"3","summary":"Current version"},{"date":"2023-12-09T03:44:28Z","number":"4","summary":"Current version"}],"status":"interim","version":"4"}}}