The Center for Education and Research in Information Assurance and Security (CERIAS)


New Record for the Largest CVE Entry


Last week my script that processes and logs daily CVE changes broke.  It truncated inputs larger than 16000 bytes, because I believed that no CVE entry should ever be that large, therefore indicating some sort of trouble if it ever was.  Guess what…  The entry for CVE-2006-4339 reached 16941 bytes, with 352 references.  This is an OpenSSL issue, and highlights how much we are dependent on it.  It’s impressive work from MITRE’s CVE team in locating and keeping track of all these references.

Comments

Posted by Jevin
on Monday, March 31, 2008 at 06:04 AM

Wouldn’t it be something if an extra long CVE caused an exploitable heap overflow?

Posted by Chris
on Monday, March 31, 2008 at 06:07 PM

What is the biggest other than that?  Can I guess that it is the SNMP one from 2002 or so?

Posted by Pascal Meunier
on Tuesday, April 1, 2008 at 08:36 AM

I know why you’re thinking of the SNMP issues, because they were so widespread and were big news.  However, below are the 50 largest ones (clipping the titles), and it’s not in there.  Just to clarify, I don’t believe that the size or number of references is a reliable measurement of the importance of a vulnerable program, although there may be some loose correlation overall within some well-defined categories of software.  The sorting of issues below is merely for curiosity’s sake, and the absence of the SNMP issues from this list doesn’t diminish the impact of their discovery at the time.

#1 (size 16941): CVE-2006-4339,Candidate,“OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8

#2 (size 12171): CVE-2006-2940,Candidate,“OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier ver

#3 (size 11650): CVE-2006-2937,Candidate,“OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote

#4 (size 11239): CVE-2006-4343,Candidate,“The get_server_hello function in the SSLv2 client code in OpenSSL

#5 (size 10436): CVE-2006-3738,Candidate,“Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL

#6 (size 10310): CVE-2005-3191,Candidate,“Multiple heap-based buffer overflows in the (1) DCTStream::readPr

#7 (size 10170): CVE-2000-0138,Candidate,“A system has a distributed denial of service (DDOS) attack master

#8 (size 9871): CVE-2005-3193,Candidate,“Heap-based buffer overflow in the JPXStream::readCodestream funct

#9 (size 9667): CVE-2005-3192,Candidate,“Heap-based buffer overflow in the StreamPredictor function in Xpd

#10 (size 8039): CVE-2005-2856,Candidate,“Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party

#11 (size 7582): CVE-2005-3627,Candidate,“Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftoh

#12 (size 7527): CVE-2007-5393,Candidate,“Heap-based buffer overflow in the CCITTFaxStream::lookChar method

#13 (size 7352): CVE-2007-0018,Candidate,“Stack-based buffer overflow in the NCTAudioFile2.AudioFile Active

#14 (size 7352): CVE-2007-3387,Candidate,“Integer overflow in the StreamPredictor::StreamPredictor function

#15 (size 7286): CVE-2005-3625,Candidate,“Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler,

#16 (size 7198): CVE-2005-3626,Candidate,“Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler,

#17 (size 7012): CVE-2005-3624,Candidate,“The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf

#18 (size 6990): CVE-2007-2446,Candidate,“Multiple heap-based buffer overflows in the NDR parsing in smbd i

#19 (size 6905): CVE-2006-1730,Candidate,“Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.

#20 (size 6864): CVE-2007-4352,Candidate,“Array index error in the DCTStream::readProgressiveDataUnit metho

#21 (size 6776): CVE-2007-5392,Candidate,“Integer overflow in the DCTStream::reset method in xpdf/Stream.cc

#22 (size 6772): CVE-2006-0058,Candidate,“Signal handler race condition in Sendmail 8.13.x before 8.13.6 al

#23 (size 6771): CVE-2006-4253,Candidate,“Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier

#24 (size 6758): CVE-2006-1728,Candidate,“Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x

#25 (size 6712): CVE-2006-4924,Candidate,“sshd in OpenSSH before 4.4, when using the version 1 SSH protocol

#26 (size 6638): CVE-2007-5339,Candidate,“Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thund

#27 (size 6636): CVE-2007-1558,Candidate,“The APOP protocol allows remote attackers to guess the first 3 ch

#28 (size 6605): CVE-2006-3747,Candidate,“Off-by-one error in the ldap scheme handling in the Rewrite modul

#29 (size 6535): CVE-2007-0008,Candidate,“Integer underflow in the SSLv2 support in Mozilla Network Securit

#30 (size 6464): CVE-2006-5020,Candidate,“Multiple PHP remote file inclusion vulnerabilities in SolidState

#31 (size 6453): CVE-2006-4340,Candidate,“Mozilla Network Security Service (NSS) library before 3.11.3, as

#32 (size 6305): CVE-2007-5340,Candidate,“Multiple vulnerabilities in the Javascript engine in Mozilla Fire

#33 (size 6280): CVE-2007-0494,Candidate,“ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.

#34 (size 6126): CVE-2005-2969,Candidate,“The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h

#35 (size 6093): CVE-2006-6077,Candidate,“The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and

#36 (size 6058): CVE-2006-1727,Candidate,“Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x

#37 (size 6044): CVE-2007-2926,Candidate,“ISC BIND 9 through 9.5.0a5 uses a weak random number generator du

#38 (size 6008): CVE-2007-3896,Candidate,“The URL handling in Shell32.dll in the Windows shell in Microsoft

#39 (size 6007): CVE-2007-5135,Candidate,“Off-by-one error in the SSL_get_shared_ciphers function in OpenSS

#40 (size 5940): CVE-2006-3811,Candidate,“Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thund

#41 (size 5913): CVE-2006-3806,Candidate,“Multiple integer overflows in the Javascript engine in Mozilla Fi

#42 (size 5898): CVE-2007-0009,Candidate,“Stack-based buffer overflow in the SSLv2 support in Mozilla Netwo

#43 (size 5873): CVE-2006-3807,Candidate,“Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and S

#44 (size 5798): CVE-2006-0749,Candidate,“nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x befo

#45 (size 5797): CVE-2007-3304,Candidate,“Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM modul

#46 (size 5761): CVE-2007-6429,Candidate,“Multiple integer overflows in X.Org Xserver before 1.4.1 allow co

#47 (size 5758): CVE-2006-3805,Candidate,“The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderb

#48 (size 5737): CVE-2007-1351,Candidate,“Integer overflow in the bdfReadCharacters function in bdfread.c i

#49 (size 5638): CVE-2006-0296,Candidate,“The XULDocument.persist function in Mozilla, Firefox before 1.5.0

#50 (size 5606): CVE-2007-3999,Candidate,“Stack-based buffer overflow in the svcauth_gss_validate function
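An added example, not part of the original post or its comments: one way a daily CVE processing script could warn on an oversized record rather than truncate it, while producing a ranking in the shape of the list above. The column layout (name, status, description, `|`-separated references), both limits and all sample rows are assumptions constructed for illustration.

```python
import csv
import io

SOFT_LIMIT = 16000    # the post's old size assumption, kept only as a warning threshold
HARD_LIMIT = 100_000  # assumed ceiling; a record beyond it is rejected, never clipped

class OversizedRecord(ValueError):
    """Raised instead of truncating, so a wrong size assumption fails loudly."""

def measure(row):
    """Return (size in UTF-8 bytes, reference count) for one parsed CSV row."""
    size = len(",".join(row).encode("utf-8"))
    refs = row[3].split("|") if len(row) > 3 else []
    return size, sum(1 for r in refs if r.strip())

def rank_entries(csv_text, top=50, clip=66):
    """Rank records by size; return (report_lines, warnings)."""
    ranked, warnings = [], []
    for row in csv.reader(io.StringIO(csv_text)):
        if not row or not row[0].startswith("CVE-"):
            continue  # skip the header row and blank lines
        size, nrefs = measure(row)
        if size > HARD_LIMIT:
            raise OversizedRecord(f"{row[0]}: {size} bytes")
        if size > SOFT_LIMIT:
            # Keep the full record and surface the surprise to the operator.
            warnings.append(f"{row[0]} is {size} bytes with {nrefs} references")
        ranked.append((size, ",".join(row[:3])))
    ranked.sort(key=lambda item: item[0], reverse=True)
    report = [f"#{i} (size {s}): {text[:clip]}"
              for i, (s, text) in enumerate(ranked[:top], 1)]
    return report, warnings

def build_sample():
    """Constructed input: placeholder IDs and references, not real CVE data."""
    big_refs = " | ".join(f"REF:example-{n}" for n in range(1200))
    rows = [["Name", "Status", "Description", "References"],
            ["CVE-0000-0001", "Candidate", "Small constructed entry", "REF:example-a"],
            ["CVE-0000-0002", "Candidate", "Large constructed entry", big_refs]]
    out = io.StringIO()
    csv.writer(out).writerows(rows)
    return out.getvalue()

if __name__ == "__main__":
    report, warnings = rank_entries(build_sample())
    print("\n".join(report + warnings))
```

Only the displayed title is clipped; the size and reference count are computed from the complete record.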
