Back to search
CVE-2009-3720
Published: Nov 3, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
SSA:2011-041-02
vendor-advisory
x_refsource_SLACKWARE
http://svn.python.org/view?view=rev&revision=74429
x_refsource_CONFIRM
MDVSA-2009:215
vendor-advisory
x_refsource_MANDRIVA
FEDORA-2010-17807
vendor-advisory
x_refsource_FEDORA
FEDORA-2009-12753
vendor-advisory
x_refsource_FEDORA
FEDORA-2009-12690
vendor-advisory
x_refsource_FEDORA
38832
third-party-advisory
x_refsource_SECUNIA
RHSA-2010:0002
vendor-advisory
x_refsource_REDHAT
MDVSA-2009:216
vendor-advisory
x_refsource_MANDRIVA
USN-890-1
vendor-advisory
x_refsource_UBUNTU
SUSE-SR:2009:018
vendor-advisory
x_refsource_SUSE
[oss-security] 20091022 Re: Regarding expat bug 1990430
mailing-list
x_refsource_MLIST
MDVSA-2009:220
vendor-advisory
x_refsource_MANDRIVA
[expat-bugs] 20090117 [ expat-Bugs-1990430 ] Parser crash with specially formatted UTF-8 sequences
mailing-list
x_refsource_MLIST
38794
third-party-advisory
x_refsource_SECUNIA
[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates
mailing-list
x_refsource_MLIST
oval:org.mitre.oval:def:11019
vdb-entry
signature
x_refsource_OVAL
ADV-2010-1107
vdb-entry
x_refsource_VUPEN
MDVSA-2009:211
vendor-advisory
x_refsource_MANDRIVA
[oss-security] 20090826 Re: Re: expat bug 1990430
mailing-list
x_refsource_MLIST
41701
third-party-advisory
x_refsource_SECUNIA
SUSE-SR:2010:011
vendor-advisory
x_refsource_SUSE
[oss-security] 20090821 expat bug 1990430
mailing-list
x_refsource_MLIST
37925
third-party-advisory
x_refsource_SECUNIA
38050
third-party-advisory
x_refsource_SECUNIA
1023160
vdb-entry
x_refsource_SECTRACK
SUSE-SR:2010:013
vendor-advisory
x_refsource_SUSE
oval:org.mitre.oval:def:7112
vdb-entry
signature
x_refsource_OVAL
https://bugzilla.redhat.com/show_bug.cgi?id=531697
x_refsource_CONFIRM
FEDORA-2010-17720
vendor-advisory
x_refsource_FEDORA
[oss-security] 20091022 Re: Re: Regarding expat bug 1990430
mailing-list
x_refsource_MLIST
USN-890-6
vendor-advisory
x_refsource_UBUNTU
[oss-security] 20091026 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]
mailing-list
x_refsource_MLIST
FEDORA-2010-17732
vendor-advisory
x_refsource_FEDORA
[oss-security] 20090826 Re: expat bug 1990430
mailing-list
x_refsource_MLIST
42338
third-party-advisory
x_refsource_SECUNIA
https://bugs.gentoo.org/show_bug.cgi?id=280615
x_refsource_CONFIRM
FEDORA-2009-12737
vendor-advisory
x_refsource_FEDORA
38231
third-party-advisory
x_refsource_SECUNIA
ADV-2010-3053
vdb-entry
x_refsource_VUPEN
[oss-security] 20091028 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]
mailing-list
x_refsource_MLIST
FEDORA-2010-17762
vendor-advisory
x_refsource_FEDORA
SUSE-SR:2010:012
vendor-advisory
x_refsource_SUSE
MDVSA-2009:212
vendor-advisory
x_refsource_MANDRIVA
MDVSA-2009:218
vendor-advisory
x_refsource_MANDRIVA
38834
third-party-advisory
x_refsource_SECUNIA
ADV-2010-3061
vdb-entry
x_refsource_VUPEN
39478
third-party-advisory
x_refsource_SECUNIA
SUSE-SR:2010:014
vendor-advisory
x_refsource_SUSE
37537
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20091022 Regarding expat bug 1990430
mailing-list
x_refsource_MLIST
oval:org.mitre.oval:def:12719
vdb-entry
signature
x_refsource_OVAL
43300
third-party-advisory
x_refsource_SECUNIA
RHSA-2011:0896
vendor-advisory
x_refsource_REDHAT
ADV-2010-0896
vdb-entry
x_refsource_VUPEN
273630
vendor-advisory
x_refsource_SUNALERT
HPSBUX02645
vendor-advisory
x_refsource_HP
[oss-security] 20090827 Re: Re: expat bug 1990430
mailing-list
x_refsource_MLIST
FEDORA-2010-17819
vendor-advisory
x_refsource_FEDORA
[oss-security] 20090906 Re: Re: expat bug 1990430
mailing-list
x_refsource_MLIST
[oss-security] 20091023 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]
mailing-list
x_refsource_MLIST
ADV-2011-0359
vdb-entry
x_refsource_VUPEN
MDVSA-2009:219
vendor-advisory
x_refsource_MANDRIVA
ADV-2010-3035
vdb-entry
x_refsource_VUPEN
MDVSA-2009:217
vendor-advisory
x_refsource_MANDRIVA
37324
third-party-advisory
x_refsource_SECUNIA
42326
third-party-advisory
x_refsource_SECUNIA
ADV-2010-0528
vdb-entry
x_refsource_VUPEN
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1888194 [6/13] - /httpd/site/trunk/content/security/json/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1073139 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now