CVE-2012-0877
https://notcve.org/view.php?id=CVE-2012-0877
PyXML: Hash table collisions CPU usage Denial of Service PyXML: la CPU de colisiones de tablas hash usa una Denegación de Servicio • http://seclists.org/oss-sec/2014/q3/96 http://www.openwall.com/lists/oss-security/2014/07/08/11 https://access.redhat.com/security/cve/cve-2012-0877 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0877 https://security-tracker.debian.org/tracker/CVE-2012-0877 • CWE-400: Uncontrolled Resource Consumption •
CVE-2009-3720 – expat: buffer over-read and crash on XML with malformed UTF-8 sequences
https://notcve.org/view.php?id=CVE-2009-3720
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625. La función updatePosition en lib/xmltok_impl.c en libexpat en Expat v2.0.1, usado en Python, PyXML, w3c-libwww, ay otros programas, permite a atacantes dependientes de contexto, provocar una denegación de servicio (caída de aplicación) a través de un documento XML con una secuencia de caracteres UTF-8 manipulada que provoca un desbordamiento de búfer fuera de límite (over-read). Vulnerabilidad distinta de CVE-2009-2625. • http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.13&r2=1.15&view=patch http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?view=log http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051228.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051247.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051367.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051405. •