5

CVE-2009-3560

Exploit

EPSS 2.83%
Veröffentlicht 04.12.2009 21:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 61

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Libexpat Project ≫ Libexpat Version2.0.1

Xmltwig ≫ Xml-twig For Perl

Apache ≫ HTTP Server Version >= 2.0.35 < 2.0.64

Apache ≫ HTTP Server Version >= 2.2.0 < 2.2.17

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.83%	0.857

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E

http://lists.vmware.com/pipermail/security-announce/2010/000082.html

Broken Link

http://secunia.com/advisories/38794

Broken Link

http://www.vupen.com/english/advisories/2010/0528

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

Third Party Advisory

VDB Entry

http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

Third Party Advisory

VDB Entry

http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html

Third Party Advisory

VDB Entry

http://www.vupen.com/english/advisories/2010/1107

Broken Link

http://secunia.com/advisories/38834

Broken Link

https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

Third Party Advisory

VDB Entry

http://secunia.com/advisories/38231

Broken Link

http://secunia.com/advisories/43300

Broken Link

http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026

Third Party Advisory

Mailing List

http://www.ubuntu.com/usn/USN-890-1

Third Party Advisory

VDB Entry

http://www.vupen.com/english/advisories/2011/0359

Broken Link

http://www.redhat.com/support/errata/RHSA-2011-0896.html

Broken Link

http://marc.info/?l=bugtraq&m=130168502603566&w=2

Third Party Advisory

Mailing List

http://secunia.com/advisories/37537

Broken Link

http://secunia.com/advisories/38832

Broken Link

http://secunia.com/advisories/39478

Broken Link

http://secunia.com/advisories/41701

Broken Link

http://sunsolve.sun.com/search/document.do?assetkey=1-66-273630-1

Third Party Advisory

Mailing List

http://www.ubuntu.com/usn/USN-890-6

Third Party Advisory

http://www.vupen.com/english/advisories/2010/0896

Broken Link

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00370.html

Third Party Advisory

Mailing List

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00413.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html

Third Party Advisory

http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165

Permissions Required

http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.165

Broken Link

http://mail.python.org/pipermail/expat-bugs/2009-November/002846.html

Exploit

http://www.debian.org/security/2009/dsa-1953

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2009:316

Broken Link

http://www.securityfocus.com/bid/37203

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id?1023278

Third Party Advisory

VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=533174

Patch

Issue Tracking

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10613

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12942

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6883

Broken Link

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00394.html

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2009-3560

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-3560

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-3560

EUVD