Twenty Year Anniversary
Showing 1 - 22 of 22 RSS Feed

CVE-2009-3720

Status Candidate

Overview

The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.

Related Files

Apple Security Advisory 2017-03-28-2
Posted Mar 28, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-03-28-2 - This advisory provides additional information for APPLE-SA-2017-03-22-1. iTunes for Windows 12.6 addresses multiple vulnerabilities in various included software.

tags | advisory, vulnerability
systems | windows, apple
advisories | CVE-2009-3270, CVE-2009-3560, CVE-2009-3720, CVE-2012-1147, CVE-2012-1148, CVE-2012-6702, CVE-2013-7443, CVE-2015-1283, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-6607, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2016-6153, CVE-2017-2383, CVE-2017-2463, CVE-2017-2479, CVE-2017-2480, CVE-2017-5029
MD5 | e81764e60882d63eba34b90e1a1a18b1
Apple Security Advisory 2017-03-22-2
Posted Mar 24, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-03-22-2 - iTunes for Mac 12.6 is now available and addresses vulnerabilities in expat and SQLite.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2009-3270, CVE-2009-3560, CVE-2009-3720, CVE-2012-1147, CVE-2012-1148, CVE-2012-6702, CVE-2013-7443, CVE-2015-1283, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-6607, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2016-6153
MD5 | 38c6e0f8c553ac1fec2b4079143ddd49
Apple Security Advisory 2017-03-22-1
Posted Mar 23, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-03-22-1 - iTunes for Windows 12.6 is now available and addresses vulnerabilities in expat and SQLite.

tags | advisory, vulnerability
systems | windows, apple
advisories | CVE-2009-3270, CVE-2009-3560, CVE-2009-3720, CVE-2012-1147, CVE-2012-1148, CVE-2012-6702, CVE-2013-7443, CVE-2015-1283, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-6607, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2016-6153
MD5 | 1bcb766e4f3265ba41b97e9177076f73
Gentoo Linux Security Advisory 201209-06
Posted Sep 24, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201209-6 - Multiple vulnerabilities have been found in Expat, possibly resulting in Denial of Service. Versions less than 2.1.0_beta3 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2009-3560, CVE-2009-3720, CVE-2012-0876, CVE-2012-1147, CVE-2012-1148
MD5 | 8bc7845bc16ff6a87259c1ef6916c090
VMware Security Advisory 2012-0001
Posted Jan 30, 2012
Authored by VMware | Site vmware.com

VMware Security Advisory 2012-0001 - VMware ESXi and ESX updates to third party library and ESX Service Console address several security issues.

tags | advisory
advisories | CVE-2009-3560, CVE-2009-3720, CVE-2010-0547, CVE-2010-0787, CVE-2010-1634, CVE-2010-2059, CVE-2010-2089, CVE-2010-3493, CVE-2010-4649, CVE-2011-0695, CVE-2011-0711, CVE-2011-0726, CVE-2011-1015, CVE-2011-1044, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1182, CVE-2011-1494, CVE-2011-1495, CVE-2011-1521, CVE-2011-1573
MD5 | f01c53578bb58b204ee302611e8e3317
Red Hat Security Advisory 2011-0896-01
Posted Jun 24, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0896-01 - JBoss Enterprise Web Server has been updated to mitigate multiple vulnerabilities such as cross site scripting, information leaks, and more.

tags | advisory, web, vulnerability, xss
systems | linux, redhat
advisories | CVE-2008-7270, CVE-2009-3245, CVE-2009-3560, CVE-2009-3720, CVE-2009-3767, CVE-2010-1157, CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-3718, CVE-2010-4172, CVE-2010-4180, CVE-2011-0013, CVE-2011-0419
MD5 | 5e2544d20fad08fc33f74eb54e65a77a
Ubuntu Security Notice 890-6
Posted Apr 16, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 890-6 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for CMake. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-3560, CVE-2009-3720
MD5 | 96b627635d1c2eac3a0984822a494cb5
VMware Security Advisory 2010-0004
Posted Mar 5, 2010
Authored by VMware | Site vmware.com

VMware Security Advisory - Updates have been issues for ESX Service Console newt, nfs-utils, and glib2 packages. vMA updates for newt, nfs-util, glib2, kpartx, libvolume-id, device-mapper-multipath, fipscheck, dbus, dbus-libs, ed, openssl, bind, expat, openssh, ntp and kernel packages have also been issued.

tags | advisory, kernel
advisories | CVE-2009-2905, CVE-2008-4552, CVE-2008-4316, CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387, CVE-2009-0590, CVE-2009-4022, CVE-2009-3560, CVE-2009-3720, CVE-2009-2904, CVE-2009-3563, CVE-2009-2695, CVE-2009-2849, CVE-2009-2695, CVE-2009-2908
MD5 | e7771d8406b79f65ee870397e15c5e8a
Ubuntu Security Notice 890-5
Posted Feb 19, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 890-5 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for XML-RPC for C and C++. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-3560, CVE-2009-3720
MD5 | ea98fafb8a2ab1fae538a8fa4fae40e8
Ubuntu Security Notice 890-4
Posted Jan 27, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 890-4 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for PyXML. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-3560, CVE-2009-3720
MD5 | 19f31a335b1b16de92a692597b50b9be
Debian Linux Security Advisory 1977-1
Posted Jan 27, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1977-1 - Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy in the interpreter for the Python language, does not properly process malformed or crafted XML files. This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file. In addition, this update fixes an integer overflow in the hashlib module in python2.5. This vulnerability could allow an attacker to defeat cryptographic digests. It only affects the oldstable distribution (etch).

tags | advisory, denial of service, overflow, python
systems | linux, debian
advisories | CVE-2008-2316, CVE-2009-3560, CVE-2009-3720
MD5 | 849e7c1a44931c10b7948c6f91f0b161
Ubuntu Security Notice 890-3
Posted Jan 22, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 890-3 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.4. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.

tags | advisory, denial of service, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2009-3560, CVE-2009-3720
MD5 | 5bb6274ca915988ea7addb08819f54e2
Ubuntu Security Notice 890-2
Posted Jan 22, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 890-2 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.5. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.

tags | advisory, denial of service, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2009-3560, CVE-2009-3720
MD5 | 50d1bea0a0a31a88dc303a2bade68b83
Ubuntu Security Notice 890-1
Posted Jan 21, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 890-1 - Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2009-2625, CVE-2009-3560, CVE-2009-3720
MD5 | a0de62100f8b2ecb8205f9262ce11c58
Mandriva Linux Security Advisory 2009-220
Posted Jan 5, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-220 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update fixes this vulnerability. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-3720
MD5 | 519ad0aaf9f7de9d7a5a06b5ae943b5e
Mandriva Linux Security Advisory 2009-219
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-219 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. Additionally on 2009.0 a patch was added to prevent kompozer from crashing (#44830), on 2009.1 a format string patch was added to make it build with the -Wformat -Werror=format-security gcc optimization switch added in 2009.1 This update fixes these issues. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-3720
MD5 | a079162db681f832568a31f22ca616ed
Mandriva Linux Security Advisory 2009-215
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-215 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update fixes this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-3720
MD5 | 16888f5a12532c6820226abef2c8df31
Mandriva Linux Security Advisory 2009-218
Posted Dec 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-218 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update fixes this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-3720
MD5 | 30599622274a6a427213334f3092ab58
Mandriva Linux Security Advisory 2009-212
Posted Dec 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-212 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update fixes this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-3720
MD5 | 4b025593d08806a343de0eba426069fe
Mandriva Linux Security Advisory 2009-211
Posted Dec 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-211 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update fixes this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-3720
MD5 | 7e61663a3f19dea9e078424a5be3ef7a
Mandriva Linux Security Advisory 2009-213
Posted Dec 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-213 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update fixes this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-3720
MD5 | 83a980775861460b6320acf0bf388298
Mandriva Linux Security Advisory 2009-217
Posted Dec 3, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-217 - A number of security vulnerabilities have been discovered in Mozilla Security issues in thunderbird could lead to a man-in-the-middle attack via a spoofed X.509 certificate. A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update provides the latest version of Thunderbird which are not vulnerable to these issues. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service, spoof, vulnerability
systems | linux, mandriva
advisories | CVE-2009-2408, CVE-2009-3720
MD5 | 5efad2dc20006e34e207d0960bc030cf
Page 1 of 1
Back1Next

File Archive:

October 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    26 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    2 Files
  • 7
    Oct 7th
    3 Files
  • 8
    Oct 8th
    23 Files
  • 9
    Oct 9th
    16 Files
  • 10
    Oct 10th
    15 Files
  • 11
    Oct 11th
    19 Files
  • 12
    Oct 12th
    16 Files
  • 13
    Oct 13th
    2 Files
  • 14
    Oct 14th
    2 Files
  • 15
    Oct 15th
    15 Files
  • 16
    Oct 16th
    5 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close