Published: 04/12/2009 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Subscribe to Libexpat Project

The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent malicious users to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libexpat_project libexpat 2.0.1
apache http server

Synopsis Important: Red Hat JBoss Enterprise Application Platform 6418 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application PlatformRed Hat Product Security has rated this update as having a security impact of Important A Co ...

Debian Bug report logs - #560901 expat: CVE-2009-3560 Package: expat; Maintainer for expat is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Source for expat is src:expat (PTS, buildd, popcon) Reported by: Michael Gilbert <michaelsgilbert@gmailcom> Date: Sun, 13 Dec 2009 01:48:05 UTC Severity: serious Tags: security ...

Jan Lieskovsky discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library For the oldstable distribution (etch), this problem has been fixed in version 1958-34+etch2 For the stable distribution (lenny), this problem has been fixed in version 20 ...

Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy in the interpreter for the Python language, does not properly process malformed or crafted XML files (CVE-2009-3560 CVE-2009-3720) This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file In addition, this updat ...

USN-890-1 fixed vulnerabilities in Expat This update provides the corresponding updates for the PyExpat module in Python 24 ...

USN-890-1 fixed vulnerabilities in Expat This update provides the corresponding updates for XML-RPC for C and C++ ...

USN-890-1 fixed vulnerabilities in Expat This update provides the corresponding updates for the PyExpat module in Python 25 ...

Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash (CVE-2009-2625, CVE-2009-3720) ...

USN-890-1 fixed vulnerabilities in Expat This update provides the corresponding updates for CMake ...

USN-890-1 fixed vulnerabilities in Expat This update provides the corresponding updates for PyXML ...

CWE-119 http://sunsolve.sun.com/search/document.do?assetkey=1-66-273630-1 http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165 https://bugzilla.redhat.com/show_bug.cgi?id=533174 http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.165 http://www.securityfocus.com/bid/37203 http://mail.python.org/pipermail/expat-bugs/2009-November/002846.html http://secunia.com/advisories/37537 http://www.securitytracker.com/id?1023278 http://www.mandriva.com/security/advisories?name=MDVSA-2009:316 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00394.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00413.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00370.html http://www.debian.org/security/2009/dsa-1953 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html http://www.ubuntu.com/usn/USN-890-1 http://secunia.com/advisories/38231 http://secunia.com/advisories/38834 http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://secunia.com/advisories/38794 http://secunia.com/advisories/38832 http://www.vupen.com/english/advisories/2010/0528 http://www.ubuntu.com/usn/USN-890-6 http://secunia.com/advisories/39478 http://www.vupen.com/english/advisories/2010/0896 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://www.vupen.com/english/advisories/2010/1107 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://secunia.com/advisories/41701 http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026 http://www.vupen.com/english/advisories/2011/0359 http://secunia.com/advisories/43300 http://www.redhat.com/support/errata/RHSA-2011-0896.html http://marc.info/?l=bugtraq&m=130168502603566&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6883 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12942 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10613 https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E https://access.redhat.com/errata/RHSA-2017:3239 https://nvd.nist.gov https://usn.ubuntu.com/890-3/https://www.debian.org/security/./dsa-1953

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook