| Vulnerability Name: | CVE-2009-0585 (CCN-49273) | ||||||||||||||||||||||||||||||||||||||||
| Assigned: | 2009-03-12 | ||||||||||||||||||||||||||||||||||||||||
| Published: | 2009-03-12 | ||||||||||||||||||||||||||||||||||||||||
| Updated: | 2023-02-13 | ||||||||||||||||||||||||||||||||||||||||
| Summary: | Integer overflow in the soup_base64_encode function in soup-misc.c in libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation. | ||||||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
3.8 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-190 | ||||||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2009-0585 Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: GNOME Live! Web site libsoup Source: secalert@redhat.com Type: Patch secalert@redhat.com Source: secalert@redhat.com Type: Patch secalert@redhat.com Source: CCN Type: RHSA-2009-0344 Moderate: libsoup security update Source: CCN Type: SA34310 libsoup "soup_base64_encode()" Integer Overflow Vulnerability Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: ASA-2009-088 libsoup security update (RHSA-2009-0344) Source: CCN Type: GNOME SVN Repository glib/gbase64.c: Avoid integer overflows in the base64 functions. Fixes CVE-2008-4316 Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: DEBIAN Type: DSA-1748 libsoup -- integer overflow Source: CCN Type: GNOME Web site GNOME: The Free Software Desktop Project Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: oCERT Advisories #2008-015 glib and glib-predecessor heap overflows Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: BID-34100 GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities Source: secalert@redhat.com Type: Patch secalert@redhat.com Source: CCN Type: USN-737-1 libsoup vulnerability Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: XF Type: UNKNOWN libsoup-soupmisc-bo(49273) Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: SUSE Type: SUSE-SR:2009:010 SUSE Security Summary Report | ||||||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration RedHat 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||||||