CVE-2011-1156
Published: 2011-04-11
Priority: P4 · 17 · medium · CVSS 2.0 base score: 5.0
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS: 3.23% (86.7th percentile)
feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0.1 allows remote attackers to cause a denial of service (application crash) via a malformed DOCTYPE declaration.
Affected (16 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | feedparser | < feedparser 5.0.1-1 (bookworm) | feedparser 5.0.1-1 (bookworm) |
| mark_pilgrim | feedparser | <= 5.0 | — |
| mark_pilgrim | feedparser | — | — |
| mark_pilgrim | feedparser | — | — |
| mark_pilgrim | feedparser | — | — |
| mark_pilgrim | feedparser | — | — |
| mark_pilgrim | feedparser | — | — |
| mark_pilgrim | feedparser | — | — |
| mark_pilgrim | feedparser | — | — |
| mark_pilgrim | feedparser | — | — |
| mark_pilgrim | feedparser | — | — |
| mark_pilgrim | feedparser | >= 0 < 5.0.1-1 | 5.0.1-1 |
| mark_pilgrim | feedparser | >= 0 < 5.0.1-1 | 5.0.1-1 |
| mark_pilgrim | feedparser | >= 0 < 5.0.1-1 | 5.0.1-1 |
| mark_pilgrim | feedparser | >= 0 < 5.0.1-1 | 5.0.1-1 |
| mark_pilgrim | feedparser | >= 4.1 < 5.0.1 | 5.0.1 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | LOW | — |
GHSA · 2018-07-23 · HIGH · CWE-20
feedparser denial of service vulnerability
feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0.1 allows remote attackers to cause a denial of service (application crash) via a malformed DOCTYPE declaration.
OSV · 2018-07-23 · HIGH
feedparser denial of service vulnerability
feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0.1 allows remote attackers to cause a denial of service (application crash) via a malformed DOCTYPE declaration.
OSV · 2011-04-11 · CVSS 5.0 · MEDIUM
CVE-2011-1156: feedparser
feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0.1 allows remote attackers to cause a denial of service (application crash) via a malformed DOCTYPE declaration.
Debian · 2011 · CVSS 5.0 · MEDIUM
CVE-2011-1156: feedparser
feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0.1 allows remote attackers to cause a denial of service (application crash) via a malformed DOCTYPE declaration.
Scope: local
bookworm: resolved (fixed in 5.0.1-1)
bullseye: resolved (fixed in 5.0.1-1)
forky: resolved (fixed in 5.0.1-1)
sid: resolved (fixed in 5.0.1-1)
trixie: resolved (fixed in 5.0.1-1)
No detection rules found.
No public exploits indexed.
Bugzilla · 2011-03-14 · CVSS 5.0 · MEDIUM
python-feedparser: multiple flaws corrected in version 5.0.1 [epel-all]
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected Fedora versions.

For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in the "Blocks" field.

For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs

When creating a Bodhi update request, please include the bug IDs of the respective parent bugs filed against the "Security Response" product. Please mention CVE ids in the RPM changelog when available.

Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=684877
Please note: this issue affects multiple su
Bugzilla · 2011-03-14 · CVSS 4.3 · MEDIUM
CVE-2009-5065 CVE-2011-1156 CVE-2011-1157 CVE-2011-1158 python-feedparser: multiple flaws corrected in version 5.0.1
The Python Feed Parser program (python-feedparser) recently released version 5.0.1 with the following fixes:
* Fix issue 91 (invalid text in XML declaration causes sanitizer to crash)
* Fix issue 254 (sanitization can be bypassed by malformed XML comments)
* Fix issue 255 (sanitizer doesn't strip unsafe URI schemes)
Giving the code a quick look, I don't believe the latter two issues affected 4.1 (possibly introduced in the 5.0 release). The first issue was reported against version 4.1 so would affect what we currently ship in Fedora and EPEL.
Version 5.0.1 corrects these flaws. It may be worthwhile to update to the latest version as the 5.0 release corrected a number of
References
http://lists.opensuse.org/opensuse-updates/2011-04/msg00026.html
http://openwall.com/lists/oss-security/2011/03/14/18
http://openwall.com/lists/oss-security/2011/03/15/11
http://secunia.com/advisories/43730
http://secunia.com/advisories/44074
http://support.novell.com/security/cve/CVE-2011-1156.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:082
http://www.securityfocus.com/bid/46867
https://bugzilla.novell.com/show_bug.cgi?id=680074
https://bugzilla.redhat.com/show_bug.cgi?id=684877
https://code.google.com/p/feedparser/issues/detail?id=91