Showing 1 - 22 of 22

CVE-2009-3720

Status Candidate

Overview

The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.

Related Files

Apple Security Advisory 2017-03-28-2
Posted Mar 28, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-03-28-2 - This advisory provides additional information for APPLE-SA-2017-03-22-1. iTunes for Windows 12.6 addresses multiple vulnerabilities in various included software.

tags | advisory, vulnerability
systems | windows, apple
advisories | CVE-2009-3270, CVE-2009-3560, CVE-2009-3720, CVE-2012-1147, CVE-2012-1148, CVE-2012-6702, CVE-2013-7443, CVE-2015-1283, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-6607, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2016-6153, CVE-2017-2383, CVE-2017-2463, CVE-2017-2479, CVE-2017-2480, CVE-2017-5029
SHA-256 | 5e917bb7e6f9edc636297d6a5ef7728eaba569232b19fbb441916d312716221a
Apple Security Advisory 2017-03-22-2
Posted Mar 24, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-03-22-2 - iTunes for Mac 12.6 is now available and addresses vulnerabilities in expat and SQLite.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2009-3270, CVE-2009-3560, CVE-2009-3720, CVE-2012-1147, CVE-2012-1148, CVE-2012-6702, CVE-2013-7443, CVE-2015-1283, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-6607, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2016-6153
SHA-256 | e601858939a95c65d673d763bbb29441fc85d606b842630460eb8b9750f35800
Apple Security Advisory 2017-03-22-1
Posted Mar 23, 2017
Authored by Apple | Site apple.com

Apple Security Advisory 2017-03-22-1 - iTunes for Windows 12.6 is now available and addresses vulnerabilities in expat and SQLite.

tags | advisory, vulnerability
systems | windows, apple
advisories | CVE-2009-3270, CVE-2009-3560, CVE-2009-3720, CVE-2012-1147, CVE-2012-1148, CVE-2012-6702, CVE-2013-7443, CVE-2015-1283, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-3717, CVE-2015-6607, CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2016-6153
SHA-256 | 92a02342700665c6f80c898f87e8f99e851a1d4239733c1dbddbbd842956b509
Gentoo Linux Security Advisory 201209-06
Posted Sep 24, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201209-6 - Multiple vulnerabilities have been found in Expat, possibly resulting in Denial of Service. Versions less than 2.1.0_beta3 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2009-3560, CVE-2009-3720, CVE-2012-0876, CVE-2012-1147, CVE-2012-1148
SHA-256 | 822ec539973278a040496a2f65af0dd1463e48af5d213341fb183708ba1cc60d
VMware Security Advisory 2012-0001
Posted Jan 30, 2012
Authored by VMware | Site vmware.com

VMware Security Advisory 2012-0001 - VMware ESXi and ESX updates to third party library and ESX Service Console address several security issues.

tags | advisory
advisories | CVE-2009-3560, CVE-2009-3720, CVE-2010-0547, CVE-2010-0787, CVE-2010-1634, CVE-2010-2059, CVE-2010-2089, CVE-2010-3493, CVE-2010-4649, CVE-2011-0695, CVE-2011-0711, CVE-2011-0726, CVE-2011-1015, CVE-2011-1044, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1182, CVE-2011-1494, CVE-2011-1495, CVE-2011-1521, CVE-2011-1573
SHA-256 | e35a8f609b986bb8b2fc490b895224847eba088cf1f87974f9bc5820e0c3c589
Red Hat Security Advisory 2011-0896-01
Posted Jun 24, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-0896-01 - JBoss Enterprise Web Server has been updated to mitigate multiple vulnerabilities such as cross site scripting, information leaks, and more.

tags | advisory, web, vulnerability, xss
systems | linux, redhat
advisories | CVE-2008-7270, CVE-2009-3245, CVE-2009-3560, CVE-2009-3720, CVE-2009-3767, CVE-2010-1157, CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-3718, CVE-2010-4172, CVE-2010-4180, CVE-2011-0013, CVE-2011-0419
SHA-256 | afb754e948ecb997661a2640f0ff3042c01bce970a3e081cc14ecea1dd6901bc
Ubuntu Security Notice 890-6
Posted Apr 16, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 890-6 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for CMake. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-3560, CVE-2009-3720
SHA-256 | 1f32136aec10fe43a90bf2ba1b04fc4cb7a66b529d203b5c07c70c2fef09e488
VMware Security Advisory 2010-0004
Posted Mar 5, 2010
Authored by VMware | Site vmware.com

VMware Security Advisory - Updates have been issued for ESX Service Console newt, nfs-utils, and glib2 packages. vMA updates for newt, nfs-utils, glib2, kpartx, libvolume-id, device-mapper-multipath, fipscheck, dbus, dbus-libs, ed, openssl, bind, expat, openssh, ntp and kernel packages have also been issued.

tags | advisory, kernel
advisories | CVE-2009-2905, CVE-2008-4552, CVE-2008-4316, CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387, CVE-2009-0590, CVE-2009-4022, CVE-2009-3560, CVE-2009-3720, CVE-2009-2904, CVE-2009-3563, CVE-2009-2695, CVE-2009-2849, CVE-2009-2695, CVE-2009-2908
SHA-256 | 0ae5770077c762418cfd24f3ee041e3030eda4c4cf779c13c8b5a0c5d3c879ca
Ubuntu Security Notice 890-5
Posted Feb 19, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 890-5 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for XML-RPC for C and C++. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-3560, CVE-2009-3720
SHA-256 | 52eb5cf05dd186c7c71a01ca7548fbcb53330023b7e0dfb24faca286a3ad70be
Ubuntu Security Notice 890-4
Posted Jan 27, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 890-4 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for PyXML. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-3560, CVE-2009-3720
SHA-256 | 42a2daccd8cc1406010126b963ee66d202639413a9de1bb48654443115f644d7
Debian Linux Security Advisory 1977-1
Posted Jan 27, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1977-1 - Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that the embedded Expat copy in the interpreter for the Python language does not properly process malformed or crafted XML files. This vulnerability could allow an attacker to cause a denial of service while parsing a malformed XML file. In addition, this update fixes an integer overflow in the hashlib module in python2.5. This vulnerability could allow an attacker to defeat cryptographic digests. It only affects the oldstable distribution (etch).

tags | advisory, denial of service, overflow, python
systems | linux, debian
advisories | CVE-2008-2316, CVE-2009-3560, CVE-2009-3720
SHA-256 | 28197fcb1e4306a91d0fa3becafcfc0ced03343e6c675879be0de7506a38c77d
Ubuntu Security Notice 890-3
Posted Jan 22, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 890-3 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.4. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.

tags | advisory, denial of service, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2009-3560, CVE-2009-3720
SHA-256 | 2d03d955c3cfb57a0bfe01de70f6a02b616d92fb935678c879af3a64fe866cb2
Ubuntu Security Notice 890-2
Posted Jan 22, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 890-2 - USN-890-1 fixed vulnerabilities in Expat. This update provides the corresponding updates for the PyExpat module in Python 2.5. Original advisory details: Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.

tags | advisory, denial of service, vulnerability, python
systems | linux, ubuntu
advisories | CVE-2009-3560, CVE-2009-3720
SHA-256 | ea6b31bbdb860ef163601a21ea9d535929947d631fc7f47bfc3b910ed0ae749e
Ubuntu Security Notice 890-1
Posted Jan 21, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 890-1 - Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2009-2625, CVE-2009-3560, CVE-2009-3720
SHA-256 | d4220160b2265aec5952c4517574f263f4c2b458f115db9b08bc867f153d8cbd
Mandriva Linux Security Advisory 2009-220
Posted Jan 5, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-220 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update fixes this vulnerability. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-3720
SHA-256 | 67dc6d1212f994353a82a485d288d61d0b7548724d058323fe81e9918f9e3e00
Mandriva Linux Security Advisory 2009-219
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-219 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. Additionally, on 2009.0 a patch was added to prevent kompozer from crashing (#44830), and on 2009.1 a format string patch was added to make it build with the -Wformat -Werror=format-security gcc optimization switch added in 2009.1. This update fixes these issues. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-3720
SHA-256 | 259cb51fc64a68087231271bc5f45382e6323dbe446bfc341aebee2d99bdd46f
Mandriva Linux Security Advisory 2009-215
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-215 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update fixes this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-3720
SHA-256 | b606e4a38908ee44fcf245b3d2a7902213b27af95f4d78f5cb7fb6b22fe49c7f
Mandriva Linux Security Advisory 2009-218
Posted Dec 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-218 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update fixes this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-3720
SHA-256 | 9fd0ff086bb44dc8e359fd8376d752218295138428e54a6bfa310fbfb8ce96a6
Mandriva Linux Security Advisory 2009-212
Posted Dec 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-212 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update fixes this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-3720
SHA-256 | 358cb28343b772c856a944d157b77948108a5b54631268a1ccbe541f63fe6705
Mandriva Linux Security Advisory 2009-211
Posted Dec 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-211 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update fixes this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-3720
SHA-256 | 97f13c48199e07b60361d99f2c70e6d5d028a834e4d0622e76289e5d80e2620c
Mandriva Linux Security Advisory 2009-213
Posted Dec 5, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-213 - A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update fixes this vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2009-3720
SHA-256 | 253b9fa53a1c05a4c3ee23a4ab7f94b0ba873b10873bbb8e8329d1b7cce2f7aa
Mandriva Linux Security Advisory 2009-217
Posted Dec 3, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-217 - A number of security vulnerabilities have been discovered in Mozilla. Security issues in Thunderbird could lead to a man-in-the-middle attack via a spoofed X.509 certificate. A vulnerability was found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a denial of service attack. Related to CVE-2009-2625. This update provides the latest version of Thunderbird, which is not vulnerable to these issues. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, denial of service, spoof, vulnerability
systems | linux, mandriva
advisories | CVE-2009-2408, CVE-2009-3720
SHA-256 | 042df619289149414468593fc222a4e12bebd8929de0148ed365c11a1e535552
© 2022 Packet Storm. All rights reserved.
