CVE-2009-3560

Опубликовано: 04 дек. 2009

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.

Ссылки

http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165
Permissions Required
http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.165
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
Third Party Advisory
VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
Third Party Advisory
VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
Third Party Advisory
VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
Third Party Advisory
VDB Entry
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
Broken Link
http://mail.python.org/pipermail/expat-bugs/2009-November/002846.html
Exploit
http://marc.info/?l=bugtraq&m=130168502603566&w=2
Mailing List
Third Party Advisory
http://secunia.com/advisories/37537
Broken Link
http://secunia.com/advisories/38231
Broken Link
http://secunia.com/advisories/38794
Broken Link
http://secunia.com/advisories/38832
Broken Link
http://secunia.com/advisories/38834
Broken Link
http://secunia.com/advisories/39478
Broken Link
http://secunia.com/advisories/41701
Broken Link
http://secunia.com/advisories/43300
Broken Link
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026
Mailing List
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273630-1
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:libexpat_project:libexpat:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:xmltwig:xml-twig_for_perl:*:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Версия от 2.0.35 (включая) до 2.0.64 (исключая)

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Версия от 2.2.0 (включая) до 2.2.17 (исключая)

EPSS

Процентиль: 89%

0.04481

Низкий

5 Medium

CVSS2

Дефекты

CWE-119

Связанные уязвимости

CVE-2009-3560

ubuntu

больше 15 лет назад

CVE-2009-3560

redhat

больше 15 лет назад

CVE-2009-3560

debian

больше 15 лет назад

The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, a ...

GHSA-pcgv-8c5g-4m8p

github

около 3 лет назад

BDU:2015-02829

fstec

больше 10 лет назад

Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить доступность защищаемой информации

EPSS

Процентиль: 89%

0.04481

Низкий

5 Medium

CVSS2

Дефекты

CWE-119