4.3
CVE-2009-3627
- EPSS 0.73%
- Published 29.10.2009 14:30:01
- Last modified 09.04.2025 00:30:58
- Source secalert@redhat.com
The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character.
Data provided by the National Vulnerability Database (NVD)
Derrick Oswald ≫ Html-parser Version <= 3.54
Derrick Oswald ≫ Html-parser Version 1.00
Derrick Oswald ≫ Html-parser Version 1.1
Derrick Oswald ≫ Html-parser Version 1.2
Derrick Oswald ≫ Html-parser Version 1.3
Derrick Oswald ≫ Html-parser Version 1.4
Derrick Oswald ≫ Html-parser Version 1.5
Derrick Oswald ≫ Html-parser Version 1.6
Derrick Oswald ≫ Html-parser Version 1.41
Derrick Oswald ≫ Html-parser Version 1.42
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.73% | 0.716 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:N/I:N/A:P |
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.