4.3
CVE-2009-3627
- EPSS 1.73%
- Published 29.10.2009 14:30:01
- Last modified 16.06.2026 23:12:02
- Source secalert@redhat.com
The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character.
Data provided by the National Vulnerability Database (NVD)
Derrick Oswald ≫ Html-parser Version <= 3.54
Derrick Oswald ≫ Html-parser Version 1.00
Derrick Oswald ≫ Html-parser Version 1.1
Derrick Oswald ≫ Html-parser Version 1.2
Derrick Oswald ≫ Html-parser Version 1.3
Derrick Oswald ≫ Html-parser Version 1.4
Derrick Oswald ≫ Html-parser Version 1.5
Derrick Oswald ≫ Html-parser Version 1.6
Derrick Oswald ≫ Html-parser Version 1.41
Derrick Oswald ≫ Html-parser Version 1.42
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.73% | 0.746 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:N/I:N/A:P |
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225
http://github.com/gisle/html-parser/commit/b9aae1e43eb2c8e989510187cff0ba3e996f9a4c
http://secunia.com/advisories/37155
http://www.openwall.com/lists/oss-security/2009/10/23/9
http://www.securityfocus.com/bid/36807
http://www.vupen.com/english/advisories/2009/3022
https://bugzilla.redhat.com/show_bug.cgi?id=530604
https://exchange.xforce.ibmcloud.com/vulnerabilities/53941