CVE-2004-0989

libXML 2.6.12-2.6.13 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0989. PoCs published by Sean.

AI-analyzed exploit summary This exploit targets a stack-based buffer overflow in libxml2's URI parsing functionality (CVE-2004-0989). It crafts a malicious URI with NOP sleds and shellcode to achieve remote code execution via the xmlNanoFTPNewCtxt function.

Description

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Sean · cremotelinux

https://www.exploit-db.com/exploits/24704

View Code ZIP pw:eip

This exploit targets a stack-based buffer overflow in libxml2's URI parsing functionality (CVE-2004-0989). It crafts a malicious URI with NOP sleds and shellcode to achieve remote code execution via the xmlNanoFTPNewCtxt function.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: libxml2 2.6.12 through 2.6.14

No auth needed

Prerequisites: Vulnerable libxml2 version · Network access to target service using libxml2

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (22)

Core 22

Core References

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=109880813013482&w=2

Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac

http://www.ciac.org/ciac/bulletins/p-029.shtml

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/11179

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1011941

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2004-615.html

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/11526

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10505

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/17872

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2004-650.html

Third Party Advisory vendor-advisory x_refsource_gentoo

http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml

Vendor Advisory vendor-advisory x_refsource_conectiva

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/11324

Vendor Advisory vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/2005_01_sr.html

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1173

Vendor Advisory vendor-advisory x_refsource_ubuntu

https://www.ubuntu.com/usn/usn-89-1/

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/13000

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2004/dsa-582

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/17870

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/17875

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/11180

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/17876

Scores

EPSS 0.2169

EPSS Percentile 97.3%

Details

Status published

Products (15)

redhat/fedora_core core_2.0

trustix/secure_linux 2.0

trustix/secure_linux 2.1

ubuntu/ubuntu_linux 4.1 (2 CPE variants)

xmlsoft/libxml 1.8.17

xmlsoft/libxml2 2.5.11

xmlsoft/libxml2 2.6.6

xmlsoft/libxml2 2.6.7

xmlsoft/libxml2 2.6.8

xmlsoft/libxml2 2.6.9

... and 5 more

Published Mar 01, 2005

Tracked Since Feb 18, 2026