What is CVE-2009-0689?

CVE-2009-0689 is a vulnerability in Freebsd, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2009-07-01.

Is CVE-2009-0689 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Freebsd

CVE-2009-0689

Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5…

Vulnerability class: Buffer Overflow

EPSS: 0.282 (97.9th percentile) — read the EPSS interpretation.

Affected products

Freebsd — versions 6.4, 7.2
K-meleon_project K-meleon — versions 1.5.3
Mozilla Firefox — versions 3.0.1, 3.0.2, 3.0.3
Mozilla Seamonkey — versions 1.1.8
Netbsd — versions 5.0
Openbsd — versions 4.5
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

References

cret@cert.org (x_refsource_CONFIRM, Patch)
cret@cert.org (x_refsource_MISC, Vendor Advisory)
cret@cert.org (x_refsource_CONFIRM)
cret@cert.org (Exploit, x_refsource_SREASONRES, third-party-advisory)
cret@cert.org (mailing-list, x_refsource_BUGTRAQ)
cret@cert.org (x_refsource_SREASONRES, third-party-advisory)
cret@cert.org (x_refsource_REDHAT, vendor-advisory)
cret@cert.org (x_refsource_SREASONRES, third-party-advisory)
cret@cert.org (vendor-advisory, x_refsource_MANDRIVA)
cret@cert.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)

Frequently asked questions

What is CVE-2009-0689?: CVE-2009-0689 is a vulnerability in Freebsd, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2009-07-01.
Is CVE-2009-0689 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.