CVE-2009-3720 — Project Libexpat vulnerability
25 documents9 sources
Severity
5.0MEDIUMNVD
EPSS
1.2%
top 21.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 3
Latest updateMay 2
Description
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
CVSS vector
AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9
Affected Packages7 packages
🔴Vulnerability Details
3📋Vendor Advisories
11💬Community
10Bugzilla▶
CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences [fedora-all]↗2011-03-29
Bugzilla▶
CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences [fedora-all]↗2011-03-29
Bugzilla▶
CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences [fedora-all]↗2011-03-29
Bugzilla▶
CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences [epel-all]↗2011-03-29
Bugzilla▶
CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences [fedora-all]↗2011-03-29