CVE-2009-3560
expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
La función big2_toUt8 en lib/xmltok.c en libexpat de Expat v2.0.1, como el usado en el módulo XML-Twig para Perl, permite a los atacantes dependientes del contexto provocar una denegación de servicio (caída de aplicación) mediante un documento XML con secuencias UTF-8 malformadas que disparan un desbordamiento de lectura de búfer, relacionado con la función doProlog en lib/xmlparse.c, siendo una vulnerabilidad diferente a CVE-2009-2625 y CVE-2009-3720.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-10-05 CVE Reserved
- 2009-12-04 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2024-11-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (58)
URL | Date | SRC |
---|---|---|
http://mail.python.org/pipermail/expat-bugs/2009-November/002846.html | 2024-08-07 |
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=533174 | 2017-11-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Libexpat Project Search vendor "Libexpat Project" | Libexpat Search vendor "Libexpat Project" for product "Libexpat" | 2.0.1 Search vendor "Libexpat Project" for product "Libexpat" and version "2.0.1" | - |
Affected
| in | Xmltwig Search vendor "Xmltwig" | Xml-twig For Perl Search vendor "Xmltwig" for product "Xml-twig For Perl" | * | - |
Safe
|
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | >= 2.0.35 < 2.0.64 Search vendor "Apache" for product "Http Server" and version " >= 2.0.35 < 2.0.64" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | >= 2.2.0 < 2.2.17 Search vendor "Apache" for product "Http Server" and version " >= 2.2.0 < 2.2.17" | - |
Affected
|