Search for vulnerabilities
Vulnerability details: VCID-hq4z-qnux-aaag
Vulnerability ID VCID-hq4z-qnux-aaag
Aliases CVE-2009-0689
Summary Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
System Score Found at
cvssv3.1 9.8 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
generic_textual MODERATE http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
rhas Critical https://access.redhat.com/errata/RHSA-2009:1530
rhas Critical https://access.redhat.com/errata/RHSA-2009:1531
rhas Critical https://access.redhat.com/errata/RHSA-2009:1601
rhas Moderate https://access.redhat.com/errata/RHSA-2010:0153
rhas Moderate https://access.redhat.com/errata/RHSA-2010:0154
rhas Critical https://access.redhat.com/errata/RHSA-2014:0311
rhas Critical https://access.redhat.com/errata/RHSA-2014:0312
epss 0.2685 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.36879 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.36879 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.36879 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.36879 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.36879 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.36879 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.36879 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.37529 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.37529 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.37529 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.4232 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.4232 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.4232 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.4232 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.4232 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.4232 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.4232 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.4232 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.4232 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.4232 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.4232 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.44772 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.45722 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.53588 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.53588 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.96978 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.96978 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.96997 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.96997 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.96997 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.96997 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.96997 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
epss 0.96997 https://api.first.org/data/v1/epss?cve=CVE-2009-0689
rhbs urgent https://bugzilla.redhat.com/show_bug.cgi?id=539784
cvssv2 6.4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2009-0689
cvssv3.1 9.8 http://support.apple.com/kb/HT4077
generic_textual MODERATE http://support.apple.com/kb/HT4077
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2009-59
Reference id Reference type URL
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://rhn.redhat.com/errata/RHSA-2014-0311.html
http://rhn.redhat.com/errata/RHSA-2014-0312.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0689.json
https://api.first.org/data/v1/epss?cve=CVE-2009-0689
https://bugzilla.mozilla.org/show_bug.cgi?id=516396
https://bugzilla.mozilla.org/show_bug.cgi?id=516862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689
http://secunia.com/advisories/37431
http://secunia.com/advisories/37682
http://secunia.com/advisories/37683
http://secunia.com/advisories/38066
http://secunia.com/advisories/38977
http://secunia.com/advisories/39001
http://secunia.com/secunia_research/2009-35/
http://securityreason.com/achievement_securityalert/63
http://securityreason.com/achievement_securityalert/69
http://securityreason.com/achievement_securityalert/71
http://securityreason.com/achievement_securityalert/72
http://securityreason.com/achievement_securityalert/73
http://securityreason.com/achievement_securityalert/75
http://securityreason.com/achievement_securityalert/76
http://securityreason.com/achievement_securityalert/77
http://securityreason.com/achievement_securityalert/78
http://securityreason.com/achievement_securityalert/81
http://securitytracker.com/id?1022478
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2018/11/msg00001.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6528
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9541
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
http://support.apple.com/kb/HT4077
http://support.apple.com/kb/HT4225
http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
http://www.mozilla.org/security/announce/2009/mfsa2009-59.html
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c
http://www.opera.com/support/kb/view/942/
http://www.redhat.com/support/errata/RHSA-2009-1601.html
http://www.redhat.com/support/errata/RHSA-2010-0153.html
http://www.redhat.com/support/errata/RHSA-2010-0154.html
http://www.securityfocus.com/archive/1/507977/100/0/threaded
http://www.securityfocus.com/archive/1/507979/100/0/threaded
http://www.securityfocus.com/archive/1/508417/100/0/threaded
http://www.securityfocus.com/archive/1/508423/100/0/threaded
http://www.securityfocus.com/bid/35510
http://www.ubuntu.com/usn/USN-915-1
http://www.vupen.com/english/advisories/2009/3297
http://www.vupen.com/english/advisories/2009/3299
http://www.vupen.com/english/advisories/2009/3334
http://www.vupen.com/english/advisories/2010/0094
http://www.vupen.com/english/advisories/2010/0648
http://www.vupen.com/english/advisories/2010/0650
539784 https://bugzilla.redhat.com/show_bug.cgi?id=539784
559265 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559265
cpe:2.3:a:k-meleon_project:k-meleon:1.5.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:k-meleon_project:k-meleon:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:6.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:6.4:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:6.4:release:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:6.4:release:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:6.4:release_p2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:6.4:release_p2:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:6.4:release_p3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:6.4:release_p3:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:6.4:release_p4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:6.4:release_p4:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:6.4:release_p5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:6.4:release_p5:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:6.4:stable:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:6.4:stable:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:7.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:7.2:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:7.2:pre-release:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:7.2:pre-release:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:7.2:stable:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:7.2:stable:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:5.0:*:*:*:*:*:*:*
cpe:2.3:o:openbsd:openbsd:4.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:openbsd:openbsd:4.5:*:*:*:*:*:*:*
CVE-2009-0689 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/bsd/dos/10185.txt
CVE-2009-0689 https://nvd.nist.gov/vuln/detail/CVE-2009-0689
CVE-2009-0689;OSVDB-61186 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/bsd/dos/10187.txt
CVE-2009-0689;OSVDB-61186 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/33363.txt
CVE-2009-0689;OSVDB-61186 Exploit https://www.securityfocus.com/bid/37078/info
CVE-2009-0689;OSVDB-61187 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/10184.txt
CVE-2009-0689;OSVDB-61187 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33364.txt
CVE-2009-0689;OSVDB-61187 Exploit https://www.securityfocus.com/bid/37080/info
CVE-2009-0689;OSVDB-61189 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33312.txt
CVE-2009-0689;OSVDB-61189 Exploit https://www.securityfocus.com/bid/36851/info
CVE-2009-0689;OSVDB-62402 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/bsd/dos/10186.txt
CVE-2009-0689;OSVDB-63639 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/33058.txt
CVE-2009-0689;OSVDB-63639 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/osx/dos/33479.c
CVE-2009-0689;OSVDB-63639 Exploit https://www.securityfocus.com/bid/35510/info
CVE-2009-0689;OSVDB-63639 Exploit https://www.securityfocus.com/bid/37687/info
CVE-2009-0689;OSVDB-63641 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/33480.txt
CVE-2009-0689;OSVDB-63641 Exploit https://www.securityfocus.com/bid/37688/info
mfsa2009-59 https://www.mozilla.org/en-US/security/advisories/mfsa2009-59
OSVDB-61189;CVE-2009-0689 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/10380.pl
RHSA-2009:1530 https://access.redhat.com/errata/RHSA-2009:1530
RHSA-2009:1531 https://access.redhat.com/errata/RHSA-2009:1531
RHSA-2009:1601 https://access.redhat.com/errata/RHSA-2009:1601
RHSA-2010:0153 https://access.redhat.com/errata/RHSA-2010:0153
RHSA-2010:0154 https://access.redhat.com/errata/RHSA-2010:0154
RHSA-2014:0311 https://access.redhat.com/errata/RHSA-2014:0311
RHSA-2014:0312 https://access.redhat.com/errata/RHSA-2014:0312
USN-871-1 https://usn.ubuntu.com/871-1/
USN-915-1 https://usn.ubuntu.com/915-1/
Data source Exploit-DB
Date added Dec. 10, 2009
Description Sunbird 0.9 - Array Overrun Code Execution
Ransomware campaign use Unknown
Source publication date Dec. 11, 2009
Exploit type remote
Platform windows
Source update date Dec. 9, 2013
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2009-0689
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://support.apple.com/kb/HT4077
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.94167
EPSS Score 0.2685
Published At March 29, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.