5

CVE-2009-3560

Exploit
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Libexpat ProjectLibexpat Version2.0.1
ApacheHTTP Server Version >= 2.0.35 < 2.0.64
ApacheHTTP Server Version >= 2.2.0 < 2.2.17
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 24.31% 0.976
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
Broken Link
http://secunia.com/advisories/38794
Broken Link
http://www.vupen.com/english/advisories/2010/0528
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
Third Party Advisory
VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
Third Party Advisory
VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2010/1107
Broken Link
http://secunia.com/advisories/38834
Broken Link
https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
Third Party Advisory
VDB Entry
http://secunia.com/advisories/38231
Broken Link
http://secunia.com/advisories/43300
Broken Link
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026
Third Party Advisory
Mailing List
http://www.ubuntu.com/usn/USN-890-1
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2011/0359
Broken Link
http://www.redhat.com/support/errata/RHSA-2011-0896.html
Broken Link
http://marc.info/?l=bugtraq&m=130168502603566&w=2
Third Party Advisory
Mailing List
http://secunia.com/advisories/37537
Broken Link
http://secunia.com/advisories/38832
Broken Link
http://secunia.com/advisories/39478
Broken Link
http://secunia.com/advisories/41701
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-273630-1
Third Party Advisory
Mailing List
http://www.ubuntu.com/usn/USN-890-6
Third Party Advisory
http://www.vupen.com/english/advisories/2010/0896
Broken Link
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00370.html
Third Party Advisory
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00413.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html
Third Party Advisory
http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165
Permissions Required
http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.165
Broken Link
http://mail.python.org/pipermail/expat-bugs/2009-November/002846.html
Exploit
http://www.debian.org/security/2009/dsa-1953
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:316
Broken Link
http://www.securityfocus.com/bid/37203
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1023278
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=533174
Patch
Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10613
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12942
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6883
Broken Link
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00394.html
Third Party Advisory
Mailing List