CVE-2009-3560
Published: Dec 4, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| SSA:2011-041-02 | vendor-advisory, x_refsource_SLACKWARE |
| FEDORA-2009-12690 | vendor-advisory, x_refsource_FEDORA |
| 38832 | third-party-advisory, x_refsource_SECUNIA |
| 1023278 | vdb-entry, x_refsource_SECTRACK |
| USN-890-1 | vendor-advisory, x_refsource_UBUNTU |
| 38794 | third-party-advisory, x_refsource_SECUNIA |
| [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates | mailing-list, x_refsource_MLIST |
| ADV-2010-1107 | vdb-entry, x_refsource_VUPEN |
| DSA-1953 | vendor-advisory, x_refsource_DEBIAN |
| 41701 | third-party-advisory, x_refsource_SECUNIA |
| SUSE-SR:2010:011 | vendor-advisory, x_refsource_SUSE |
| oval:org.mitre.oval:def:6883 | vdb-entry, signature, x_refsource_OVAL |
| oval:org.mitre.oval:def:12942 | vdb-entry, signature, x_refsource_OVAL |
| SUSE-SR:2010:013 | vendor-advisory, x_refsource_SUSE |
| [expat-bugs] 20091108 [ expat-Bugs-2894085 ] expat: buffer over-read and crash in big2_toUtf8() | mailing-list, x_refsource_MLIST |
| SUSE-SR:2010:001 | vendor-advisory, x_refsource_SUSE |
| 37203 | vdb-entry, x_refsource_BID |
| USN-890-6 | vendor-advisory, x_refsource_UBUNTU |
| FEDORA-2009-12737 | vendor-advisory, x_refsource_FEDORA |
| 38231 | third-party-advisory, x_refsource_SECUNIA |
| https://bugzilla.redhat.com/show_bug.cgi?id=533174 | x_refsource_CONFIRM |
| SUSE-SR:2010:012 | vendor-advisory, x_refsource_SUSE |
| 38834 | third-party-advisory, x_refsource_SECUNIA |
| 39478 | third-party-advisory, x_refsource_SECUNIA |
| FEDORA-2009-12716 | vendor-advisory, x_refsource_FEDORA |
| SUSE-SR:2010:014 | vendor-advisory, x_refsource_SUSE |
| oval:org.mitre.oval:def:10613 | vdb-entry, signature, x_refsource_OVAL |
| 37537 | third-party-advisory, x_refsource_SECUNIA |
| 43300 | third-party-advisory, x_refsource_SECUNIA |
| RHSA-2011:0896 | vendor-advisory, x_refsource_REDHAT |
| ADV-2010-0896 | vdb-entry, x_refsource_VUPEN |
| 273630 | vendor-advisory, x_refsource_SUNALERT |
| HPSBUX02645 | vendor-advisory, x_refsource_HP |
| ADV-2011-0359 | vdb-entry, x_refsource_VUPEN |
| MDVSA-2009:316 | vendor-advisory, x_refsource_MANDRIVA |
| ADV-2010-0528 | vdb-entry, x_refsource_VUPEN |
| [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ | mailing-list, x_refsource_MLIST |
| [httpd-cvs] 20210330 svn commit: r1888194 [6/13] - /httpd/site/trunk/content/security/json/ | mailing-list, x_refsource_MLIST |
| [httpd-cvs] 20210330 svn commit: r1073139 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ | mailing-list, x_refsource_MLIST |
| [httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/ | mailing-list, x_refsource_MLIST |