vendor:
KDELibs
by:
Maksymilian Arciemowicz and sp3x
7.5
CVSS
HIGH
Remote Array Overrun
119
CWE
Product Name: KDELibs
Affected Version From: KDELibs 4.3.3
Affected Version To: KDELibs 4.3.3
Patch Exists: YES
Related CWE: CVE-2009-0689
CPE: a:kde:kdelibs:4.3.3
Metasploit:
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0153/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0154/, https://www.rapid7.com/db/vulnerabilities/apple-osx-libsystem-cve-2009-0689/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2014-0312/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2009-1601/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2014-0311/, https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2009-0689/, https://www.rapid7.com/db/vulnerabilities/debian-cve-2009-0689/, https://www.rapid7.com/db/vulnerabilities/freebsd-vid-4b3a7e70-afce-11e5-b864-14dae9d210b8/, https://www.rapid7.com/db/vulnerabilities/mfsa2009-59-cve-2009-0689/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-0689/
Other Scripts:
https://www.infosecmatter.com/nessus-plugin-library/?id=46271, https://www.infosecmatter.com/nessus-plugin-library/?id=63923, https://www.infosecmatter.com/nessus-plugin-library/?id=42890, https://www.infosecmatter.com/nessus-plugin-library/?id=42288, https://www.infosecmatter.com/nessus-plugin-library/?id=45372, https://www.infosecmatter.com/nessus-plugin-library/?id=42287, https://www.infosecmatter.com/nessus-plugin-library/?id=45093, https://www.infosecmatter.com/nessus-plugin-library/?id=45373, https://www.infosecmatter.com/nessus-plugin-library/?id=67948, https://www.infosecmatter.com/nessus-plugin-library/?id=43379
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: None
2009
KDE KDELibs 4.3.3 Remote Array Overrun (Arbitrary code execution)
KDELibs is a collection of libraries built on top of Qt that provides frameworks and functionality for developers of KDE-compatible software. The KDELibs libraries are licensed under LGPL. The main problem exist in dtoa implementation. KDE has a very similar dtoa algorithm to the BSD, Chrome and Mozilla products. Problem exist in dtoa.cpp file and it is the same like SREASONRES:20090625. We can create any number of float, which will overwrite the memory. In Kmax has defined 15. Functions in dtoa, don't checks Kmax limit, and it is possible to call 16<= elements of freelist array.
Mitigation:
KDE has released a patch for this vulnerability.