Computer Security
[EN] securityvulns.ru



CVE: CVE-2009-3720
Status: Candidate
Description: The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Severity: Medium
CVSS score: 5
CVSS vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Phase: Assigned (28.09.2011)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3720
References:
 CONFIRM : http://expat.cvs.sourceforge.net/viewvc/expat/expa...
 CONFIRM : http://expat.cvs.sourceforge.net/viewvc/expat/expa...
 CONFIRM : http://svn.python.org/view?view=rev&revision=7...
 CONFIRM : https://bugs.gentoo.org/show_bug.cgi?id=280615
 CONFIRM : https://bugzilla.redhat.com/show_bug.cgi?id=531697
 FEDORA : FEDORA-2009-12690
 FEDORA : FEDORA-2009-12737
 FEDORA : FEDORA-2009-12753
 MANDRIVA : MDVSA-2009:211
 MANDRIVA : MDVSA-2009:212
 MANDRIVA : MDVSA-2009:215
 MANDRIVA : MDVSA-2009:216
 MANDRIVA : MDVSA-2009:217
 MANDRIVA : MDVSA-2009:218
 MANDRIVA : MDVSA-2009:219
 MANDRIVA : MDVSA-2009:220
 MISC : http://sourceforge.net/tracker/index.php?func=deta...
 MLIST : [expat-bugs] 20090117 [ expat-Bugs-1990430 ] Parser crash with specially formatted UTF-8 sequences
 MLIST : [oss-security] 20090821 expat bug 1990430
 MLIST : [oss-security] 20090826 Re: expat bug 1990430
 MLIST : [oss-security] 20090826 Re: Re: expat bug 1990430
 MLIST : [oss-security] 20090827 Re: Re: expat bug 1990430
 MLIST : [oss-security] 20090906 Re: Re: expat bug 1990430
 MLIST : [oss-security] 20091022 Re: Re: Regarding expat bug 1990430
 MLIST : [oss-security] 20091022 Re: Regarding expat bug 1990430
 MLIST : [oss-security] 20091022 Regarding expat bug 1990430
 MLIST : [oss-security] 20091023 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]
 MLIST : [oss-security] 20091026 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]
 MLIST : [oss-security] 20091028 Re: CVE Request -- expat [was: Re: Regarding expat bug 1990430]
 MLIST : [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates
 OVAL : oval:org.mitre.oval:def:11019
 OVAL : oval:org.mitre.oval:def:7112
 REDHAT : RHSA-2010:0002
 SECTRACK : 1023160
 SECUNIA : 37324
 SECUNIA : 37537
 SECUNIA : 37925
 SECUNIA : 38050
 SECUNIA : 38231
 SECUNIA : 38794
 SECUNIA : 38832
 SECUNIA : 38834
 SECUNIA : 39478
 SUNALERT : 273630
 SUSE : SUSE-SR:2009:018
 SUSE : SUSE-SR:2010:011
 SUSE : SUSE-SR:2010:012
 SUSE : SUSE-SR:2010:013
 SUSE : SUSE-SR:2010:014
 UBUNTU : USN-890-1
 UBUNTU : USN-890-6
 VUPEN : ADV-2010-0528
 VUPEN : ADV-2010-0896
 VUPEN : ADV-2010-1107

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


