CVE-2009-3560

expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences

Severity Score

6.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.

La función big2_toUt8 en lib/xmltok.c en libexpat de Expat v2.0.1, como el usado en el módulo XML-Twig para Perl, permite a los atacantes dependientes del contexto provocar una denegación de servicio (caída de aplicación) mediante un documento XML con secuencias UTF-8 malformadas que disparan un desbordamiento de lectura de búfer, relacionado con la función doProlog en lib/xmlparse.c, siendo una vulnerabilidad diferente a CVE-2009-2625 y CVE-2009-3720.

This advisory provides additional information for APPLE-SA-2017-03-22-1. iTunes for Windows 12.6 addresses multiple vulnerabilities in various included software.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-10-05 CVE Reserved
2009-12-04 CVE Published
2024-08-07 CVE Updated
2024-08-07 First Exploit
2025-04-02 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (58)

URL	Tag	Source
http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.165	Broken Link
http://lists.vmware.com/pipermail/security-announce/2010/000082.html	Broken Link
http://secunia.com/advisories/37537	Broken Link
http://secunia.com/advisories/38231	Broken Link
http://secunia.com/advisories/38794	Broken Link
http://secunia.com/advisories/38832	Broken Link
http://secunia.com/advisories/38834	Broken Link
http://secunia.com/advisories/39478	Broken Link
http://secunia.com/advisories/41701	Broken Link
http://secunia.com/advisories/43300	Broken Link
http://www.securityfocus.com/bid/37203	Third Party Advisory
http://www.securitytracker.com/id?1023278	Third Party Advisory
http://www.vupen.com/english/advisories/2010/0528	Broken Link
http://www.vupen.com/english/advisories/2010/0896	Broken Link
http://www.vupen.com/english/advisories/2010/1107	Broken Link
http://www.vupen.com/english/advisories/2011/0359	Broken Link
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10613	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12942	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6883	Broken Link

URL	Date	SRC
http://mail.python.org/pipermail/expat-bugs/2009-November/002846.html	2024-08-07

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=533174	2017-11-16

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html	2023-11-07
http://marc.info/?l=bugtraq&m=130168502603566&w=2	2023-11-07
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026	2023-11-07
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273630-1	2023-11-07
http://www.debian.org/security/2009/dsa-1953	2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2009:316	2023-11-07
http://www.redhat.com/support/errata/RHSA-2011-0896.html	2023-11-07
http://www.ubuntu.com/usn/USN-890-1	2023-11-07
http://www.ubuntu.com/usn/USN-890-6	2023-11-07
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00370.html	2023-11-07
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00394.html	2023-11-07
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00413.html	2023-11-07
https://access.redhat.com/security/cve/CVE-2009-3560	2017-11-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Libexpat Project Search vendor "Libexpat Project"	Libexpat Search vendor "Libexpat Project" for product "Libexpat"	2.0.1 Search vendor "Libexpat Project" for product "Libexpat" and version "2.0.1"	-	Affected	in	Xmltwig Search vendor "Xmltwig"	Xml-twig For Perl Search vendor "Xmltwig" for product "Xml-twig For Perl"	*	-	Safe
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				>= 2.0.35 < 2.0.64 Search vendor "Apache" for product "Http Server" and version " >= 2.0.35 < 2.0.64"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				>= 2.2.0 < 2.2.17 Search vendor "Apache" for product "Http Server" and version " >= 2.2.0 < 2.2.17"		-		Affected