Back to search
CVE-2009-5016
Published: Nov 12, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2011-0077
vdb-entry
x_refsource_VUPEN
44889
vdb-entry
x_refsource_BID
FEDORA-2010-19011
vendor-advisory
x_refsource_FEDORA
42812
third-party-advisory
x_refsource_SECUNIA
RHSA-2011:0195
vendor-advisory
x_refsource_REDHAT
http://bugs.php.net/bug.php?id=49687
x_refsource_CONFIRM
USN-1042-1
vendor-advisory
x_refsource_UBUNTU
RHSA-2010:0919
vendor-advisory
x_refsource_REDHAT
ADV-2011-0021
vdb-entry
x_refsource_VUPEN
42410
third-party-advisory
x_refsource_SECUNIA
FEDORA-2010-18976
vendor-advisory
x_refsource_FEDORA
ADV-2011-0020
vdb-entry
x_refsource_VUPEN
ADV-2010-3081
vdb-entry
x_refsource_VUPEN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now