CVE-2009-0689

Categorias

Overflow

EPSS

41.76%V4

Vetor

Network

Publicado

2009-07-01
12h26 +00:00

Modificado

2024-08-07
04h40 +00:00

Links oficiais

CVE.org

NVD

Notificações para um CVE

Fique informado sobre quaisquer alterações para um CVE específico.

Gerenciar notificações

Alertas personalizados

Ative seus alertas personalizados!

Para ativar seus alertas, basta estar conectado à sua conta gratuita. Se ainda não estiver conectado, escolha uma das opções abaixo.

Entrar na sua conta Criar uma conta Gratuita

Notificações para um CVE

Fique informado sobre quaisquer alterações para um CVE específico.

Critério aplicado ao enviar o alerta: comparado com o último alerta enviado + diferenças em CISA, EPSS, CVSS, CWE, Soluções, CPE.

Parâmetros

Você pode especificar um título que será recuperado nos alertas que serão enviados.

Especifique aqui um ID de CVE como CVE-2025-1234

Agendamento

Mês

Cálculo da próxima execução

Dia

Dia da semana

Hora

Minuto

Data de criação

Última execução

Próxima execução

Descrições CVE

Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.

Informações CVE

Fraquezas Relacionadas

CWE-ID	Nome da Fraqueza	Source
CWE-119	Improper Restriction of Operations within the Bounds of a Memory Buffer The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Métricas

Métricas	Pontuação	Gravidade	CVSS Vetor	Source
V2	6.8		AV:N/AC:M/Au:N/C:P/I:P/A:P	nvd@nist.gov

EPSS

O EPSS é um modelo de pontuação que prevê a probabilidade de uma vulnerabilidade ser explorada.

Pontuação EPSS

O modelo EPSS produz uma pontuação de probabilidade entre 0 e 1 (0 e 100%). Quanto maior a pontuação, maior a probabilidade de uma vulnerabilidade ser explorada.

Percentil EPSS

O percentil é usado para classificar os CVEs de acordo com sua pontuação EPSS. Por exemplo, um CVE no percentil 95 segundo sua pontuação EPSS tem mais probabilidade de ser explorado do que 95% dos outros CVEs. Assim, o percentil é usado para comparar a pontuação EPSS de um CVE com a de outros CVEs.

EPSS First.org

Informações sobre exploit

Exploit Database EDB-ID : 33480

Data de publicação : 2010-01-07 23h00 +00:00
Autor : Maksymilian Arciemowicz
Verificado pelo EDB : Yes

Exploit Database EDB-ID : 33312

Data de publicação : 2009-10-26 23h00 +00:00
Autor : Alin Rad Pop
Verificado pelo EDB : Yes

Exploit Database EDB-ID : 33364

Data de publicação : 2009-11-19 23h00 +00:00
Autor : Maksymilian Arciemowicz
Verificado pelo EDB : Yes

Exploit Database EDB-ID : 33058

Data de publicação : 2009-05-25 22h00 +00:00
Autor : Maksymilian Arciemowicz
Verificado pelo EDB : Yes

Exploit Database EDB-ID : 33363

Data de publicação : 2009-11-19 23h00 +00:00
Autor : Maksymilian Arciemowicz
Verificado pelo EDB : Yes

Exploit Database EDB-ID : 33479

Data de publicação : 2010-01-07 23h00 +00:00
Autor : Maksymilian Arciemowicz
Verificado pelo EDB : Yes

Exploit Database EDB-ID : 10380

Data de publicação : 2009-12-10 23h00 +00:00
Autor : Maksymilian Arciemowicz & sp3x
Verificado pelo EDB : No

Products Mentioned

Configuraton 0

K-meleon_project>>K-meleon >> Version 1.5.3

Mozilla>>Firefox >> Version 3.0.1

Mozilla>>Firefox >> Version 3.0.2

Mozilla>>Firefox >> Version 3.0.3

Mozilla>>Firefox >> Version 3.0.4

Mozilla>>Firefox >> Version 3.0.5

Mozilla>>Firefox >> Version 3.0.6

Mozilla>>Firefox >> Version 3.0.7

Mozilla>>Firefox >> Version 3.0.8

Mozilla>>Firefox >> Version 3.0.9

Mozilla>>Firefox >> Version 3.0.10

Mozilla>>Firefox >> Version 3.0.11

Mozilla>>Firefox >> Version 3.0.12

Mozilla>>Firefox >> Version 3.0.13

Mozilla>>Firefox >> Version 3.0.14

Mozilla>>Firefox >> Version 3.5

Mozilla>>Firefox >> Version 3.5.1

Mozilla>>Firefox >> Version 3.5.2

Mozilla>>Firefox >> Version 3.5.3

Mozilla>>Seamonkey >> Version 1.1.8

Freebsd>>Freebsd >> Version 6.4

Freebsd>>Freebsd >> Version 7.2

Netbsd>>Netbsd >> Version 5.0

Openbsd>>Openbsd >> Version 4.5

Referências

http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h
Tags : x_refsource_CONFIRM

http://secunia.com/secunia_research/2009-35/
Tags : x_refsource_MISC

https://bugzilla.mozilla.org/show_bug.cgi?id=516862
Tags : x_refsource_CONFIRM

http://securityreason.com/achievement_securityalert/63
Tags : third-party-advisory, x_refsource_SREASONRES

http://www.securityfocus.com/archive/1/507979/100/0/threaded
Tags : mailing-list, x_refsource_BUGTRAQ

http://securityreason.com/achievement_securityalert/78
Tags : third-party-advisory, x_refsource_SREASONRES

http://www.redhat.com/support/errata/RHSA-2010-0153.html
Tags : vendor-advisory, x_refsource_REDHAT

http://securityreason.com/achievement_securityalert/75
Tags : third-party-advisory, x_refsource_SREASONRES

http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
Tags : vendor-advisory, x_refsource_MANDRIVA

http://secunia.com/advisories/39001
Tags : third-party-advisory, x_refsource_SECUNIA

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
Tags : vendor-advisory, x_refsource_SUSE

http://www.securityfocus.com/archive/1/507977/100/0/threaded
Tags : mailing-list, x_refsource_BUGTRAQ

http://support.apple.com/kb/HT4225
Tags : x_refsource_CONFIRM

http://securityreason.com/achievement_securityalert/73
Tags : third-party-advisory, x_refsource_SREASONRES

http://securityreason.com/achievement_securityalert/72
Tags : third-party-advisory, x_refsource_SREASONRES

http://www.mozilla.org/security/announce/2009/mfsa2009-59.html
Tags : x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2010/0094
Tags : vdb-entry, x_refsource_VUPEN

http://www.vupen.com/english/advisories/2010/0648
Tags : vdb-entry, x_refsource_VUPEN

http://www.vupen.com/english/advisories/2010/0650
Tags : vdb-entry, x_refsource_VUPEN

http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
Tags : vendor-advisory, x_refsource_SUNALERT

http://www.vupen.com/english/advisories/2009/3299
Tags : vdb-entry, x_refsource_VUPEN

http://www.redhat.com/support/errata/RHSA-2009-1601.html
Tags : vendor-advisory, x_refsource_REDHAT

http://www.securityfocus.com/archive/1/508423/100/0/threaded
Tags : mailing-list, x_refsource_BUGTRAQ

http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Tags : vendor-advisory, x_refsource_APPLE

https://lists.debian.org/debian-lts-announce/2018/11/msg00001.html
Tags : mailing-list, x_refsource_MLIST

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
Tags : vendor-advisory, x_refsource_SUSE

http://rhn.redhat.com/errata/RHSA-2014-0312.html
Tags : vendor-advisory, x_refsource_REDHAT

http://secunia.com/advisories/37683
Tags : third-party-advisory, x_refsource_SECUNIA

http://secunia.com/advisories/38977
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.opera.com/support/kb/view/942/
Tags : x_refsource_CONFIRM

http://securityreason.com/achievement_securityalert/69
Tags : third-party-advisory, x_refsource_SREASONRES

http://www.redhat.com/support/errata/RHSA-2010-0154.html
Tags : vendor-advisory, x_refsource_REDHAT

http://support.apple.com/kb/HT4077
Tags : x_refsource_CONFIRM

https://bugzilla.mozilla.org/show_bug.cgi?id=516396
Tags : x_refsource_CONFIRM

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6528
Tags : vdb-entry, signature, x_refsource_OVAL

http://secunia.com/advisories/37682
Tags : third-party-advisory, x_refsource_SECUNIA

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9541
Tags : vdb-entry, signature, x_refsource_OVAL

http://secunia.com/advisories/38066
Tags : third-party-advisory, x_refsource_SECUNIA

http://www.ubuntu.com/usn/USN-915-1
Tags : vendor-advisory, x_refsource_UBUNTU

http://www.securityfocus.com/archive/1/508417/100/0/threaded
Tags : mailing-list, x_refsource_BUGTRAQ

http://rhn.redhat.com/errata/RHSA-2014-0311.html
Tags : vendor-advisory, x_refsource_REDHAT

http://www.vupen.com/english/advisories/2009/3297
Tags : vdb-entry, x_refsource_VUPEN

http://securityreason.com/achievement_securityalert/76
Tags : third-party-advisory, x_refsource_SREASONRES

http://secunia.com/advisories/37431
Tags : third-party-advisory, x_refsource_SECUNIA

http://securityreason.com/achievement_securityalert/81
Tags : third-party-advisory, x_refsource_SREASONRES

http://securityreason.com/achievement_securityalert/71
Tags : third-party-advisory, x_refsource_SREASONRES

http://securitytracker.com/id?1022478
Tags : vdb-entry, x_refsource_SECTRACK

http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
Tags : vendor-advisory, x_refsource_APPLE

http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c
Tags : x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2009/3334
Tags : vdb-entry, x_refsource_VUPEN

http://securityreason.com/achievement_securityalert/77
Tags : third-party-advisory, x_refsource_SREASONRES

http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
Tags : vendor-advisory, x_refsource_MANDRIVA

http://www.securityfocus.com/bid/35510
Tags : vdb-entry, x_refsource_BID

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	45.69%	–	–
2023-03-12	–	–	–	97.22%	–
2023-04-09	–	–	–	96.96%	–
2023-05-21	–	–	–	96.9%	–
2023-07-09	–	–	–	96.93%	–
2023-08-20	–	–	–	97.01%	–
2023-10-08	–	–	–	97%	–
2024-06-02	–	–	–	97%	–
2024-12-22	–	–	–	96.98%	–
2025-01-19	–	–	–	96.98%	–
2025-03-18	–	–	–	–	53.59%
2025-04-06	–	–	–	–	44.77%
2025-05-01	–	–	–	–	36.88%
2025-05-05	–	–	–	–	44.77%
2025-05-16	–	–	–	–	42.32%
2025-06-01	–	–	–	–	37.53%
2025-06-04	–	–	–	–	42.32%
2025-07-01	–	–	–	–	37.53%
2025-07-04	–	–	–	–	42.32%
2025-07-16	–	–	–	–	41.05%
2025-08-01	–	–	–	–	37.53%
2025-08-04	–	–	–	–	41.05%
2025-10-01	–	–	–	–	37.53%
2025-10-04	–	–	–	–	41.05%
2025-11-01	–	–	–	–	37.53%
2025-11-04	–	–	–	–	41.05%
2025-11-12	–	–	–	–	40.94%
2025-12-01	–	–	–	–	34.57%
2025-12-04	–	–	–	–	40.94%
2025-12-14	–	–	–	–	41.76%
2026-01-01	–	–	–	–	39%
2026-01-04	–	–	–	–	41.76%
2026-03-01	–	–	–	–	39%
2026-03-08	–	–	–	–	41.76%

Date	Percentile
2022-02-06	98%
2023-03-12	1%
2023-04-09	1%
2023-05-21	1%
2023-07-09	1%
2023-08-20	1%
2023-10-08	1%
2024-06-02	1%
2024-12-22	1%
2025-01-19	1%
2025-03-18	98%
2025-04-06	97%
2025-05-01	97%
2025-05-05	97%
2025-05-16	97%
2025-06-01	97%
2025-06-04	97%
2025-07-01	97%
2025-07-04	97%
2025-07-16	97%
2025-08-01	97%
2025-08-04	97%
2025-10-01	97%
2025-10-04	97%
2025-11-01	97%
2025-11-04	97%
2025-11-12	97%
2025-12-01	97%
2025-12-04	97%
2025-12-14	97%
2026-01-01	97%
2026-01-04	97%
2026-03-01	97%
2026-03-08	97%

CVE-2009-0689 : Detalhe

CVE-2009-0689

Descrições CVE

Informações CVE

Fraquezas Relacionadas

Métricas

EPSS

Pontuação EPSS

Percentil EPSS

Informações sobre exploit

Exploit Database EDB-ID : 33480

Exploit Database EDB-ID : 33312

Exploit Database EDB-ID : 33364

Exploit Database EDB-ID : 33058

Exploit Database EDB-ID : 33363

Exploit Database EDB-ID : 33479

Exploit Database EDB-ID : 10380

Products Mentioned

Configuraton 0

Referências