SecurityTracker.com

Category:   Application (Generic)  >   expat
Vendors:   libexpat.org
expat UTF-8 Sequence Parsing Flaw Lets Users Deny Service
SecurityTracker Alert ID:  1023160
SecurityTracker URL:  http://securitytracker.com/id/1023160
CVE Reference:   CVE-2009-3720
Date:  Nov 11 2009
Impact:   Denial of service via local system, Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in expat. A user can cause denial of service conditions.

A remote or local user can supply XML content with a specially crafted UTF-8 sequence that, when processed by expat, will cause expat to crash.

The specific impact depends on the application using expat.

The vulnerability resides in 'xmltok_impl.c'.

Peter Valchev reported this vulnerability.

Impact:   A user can cause expat to crash.
Solution:   The vendor has issued a source code fix.

A source code patch is available at:

http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.13&r2=1.15&view=patch

Vendor URL:  www.libexpat.org/
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Nov 11 2009 (Red Hat Issues Fix for 4Suite) expat UTF-8 Sequence Parsing Flaw Lets Users Deny Service
Red Hat has issued a fix for 4Suite for Red Hat Enterprise Linux 3 and 4.
Dec 4 2009 (Sun Issues Fix) expat UTF-8 Sequence Parsing Flaw Lets Users Deny Service
Sun has issued a fix for OpenSolaris.
Dec 7 2009 (Red Hat Issues Fix) expat UTF-8 Sequence Parsing Flaw Lets Users Deny Service
Red Hat has issued a fix for Red Hat Enterprise Linux 3, 4, and 5.
Jan 4 2010 (Red Hat Issues Fix for PyXML) expat UTF-8 Sequence Parsing Flaw Lets Users Deny Service
Red Hat has issued a fix for PyXML for Red Hat Enterprise Linux 4 and 5.
Mar 23 2017 (Apple Issues Fix for Apple iTunes) expat UTF-8 Sequence Parsing Flaw Lets Users Deny Service
Apple has issued a fix for Apple iTunes.



Copyright 2017, SecurityGlobal.net LLC