CVE - CVE-2009-3560

CVE-ID
CVE-2009-3560	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[expat-bugs] 20091108 [ expat-Bugs-2894085 ] expat: buffer over-read and crash in big2_toUtf8() URL:http://mail.python.org/pipermail/expat-bugs/2009-November/002846.html MLIST:[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates URL:http://lists.vmware.com/pipermail/security-announce/2010/000082.html CONFIRM:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165 CONFIRM:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.165 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=533174 DEBIAN:DSA-1953 URL:http://www.debian.org/security/2009/dsa-1953 FEDORA:FEDORA-2009-12690 URL:https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00370.html FEDORA:FEDORA-2009-12716 URL:https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00394.html FEDORA:FEDORA-2009-12737 URL:https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00413.html HP:HPSBUX02645 URL:http://marc.info/?l=bugtraq&m=130168502603566&w=2 MANDRIVA:MDVSA-2009:316 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:316 REDHAT:RHSA-2011:0896 URL:http://www.redhat.com/support/errata/RHSA-2011-0896.html SLACKWARE:SSA:2011-041-02 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026 SUNALERT:273630 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-66-273630-1 SUSE:SUSE-SR:2010:001 URL:http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html SUSE:SUSE-SR:2010:011 URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html SUSE:SUSE-SR:2010:012 URL:http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html SUSE:SUSE-SR:2010:013 URL:http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html SUSE:SUSE-SR:2010:014 URL:http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html UBUNTU:USN-890-1 URL:http://www.ubuntu.com/usn/USN-890-1 UBUNTU:USN-890-6 URL:http://www.ubuntu.com/usn/USN-890-6 BID:37203 URL:http://www.securityfocus.com/bid/37203 OVAL:oval:org.mitre.oval:def:10613 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10613 OVAL:oval:org.mitre.oval:def:6883 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6883 OVAL:oval:org.mitre.oval:def:12942 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12942 SECTRACK:1023278 URL:http://www.securitytracker.com/id?1023278 SECUNIA:37537 URL:http://secunia.com/advisories/37537 SECUNIA:38231 URL:http://secunia.com/advisories/38231 SECUNIA:38794 URL:http://secunia.com/advisories/38794 SECUNIA:38832 URL:http://secunia.com/advisories/38832 SECUNIA:38834 URL:http://secunia.com/advisories/38834 SECUNIA:39478 URL:http://secunia.com/advisories/39478 SECUNIA:41701 URL:http://secunia.com/advisories/41701 SECUNIA:43300 URL:http://secunia.com/advisories/43300 VUPEN:ADV-2010-0528 URL:http://www.vupen.com/english/advisories/2010/0528 VUPEN:ADV-2010-0896 URL:http://www.vupen.com/english/advisories/2010/0896 VUPEN:ADV-2010-1107 URL:http://www.vupen.com/english/advisories/2010/1107 VUPEN:ADV-2011-0359 URL:http://www.vupen.com/english/advisories/2011/0359
Assigning CNA
N/A
Date Entry Created
20091005	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20091005)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org