CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig, does not work. External entities are always expanded, regardless of the option's setting.

References:
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00033.html
http://www.openwall.com/lists/oss-security/2016/11/04/2
http://www.securityfocus.com/bid/94219

CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 5.0 | EPSS: 1% | CPEs: 4 | EXPL: 1

The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.

References:
http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165
http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.165
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://lists.opensuse.

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer