Описание
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | xmlrpc-c | Will not fix | ||
| Red Hat Enterprise Linux 6 | compat-expat1 | Not affected | ||
| Red Hat Enterprise Linux 6 | expat | Not affected | ||
| Red Hat Enterprise Linux 7 | expat | Not affected | ||
| Red Hat Enterprise Linux 3 | expat | Fixed | RHSA-2009:1625 | 07.12.2009 |
| Red Hat Enterprise Linux 4 | expat | Fixed | RHSA-2009:1625 | 07.12.2009 |
| Red Hat Enterprise Linux 5 | expat | Fixed | RHSA-2009:1625 | 07.12.2009 |
| Red Hat JBoss Enterprise Application Platform 6.4 | Fixed | RHSA-2017:3239 | 16.11.2017 | |
| Red Hat JBoss Web Server 1.0 | Fixed | RHSA-2011:0896 | 22.06.2011 |
Показывать по
Дополнительная информация
Статус:
EPSS
5 Medium
CVSS2
Связанные уязвимости
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, a ...
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить доступность защищаемой информации
EPSS
5 Medium
CVSS2