Vulnerability Description
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libexpat Project | Libexpat | 2.0.1 |
| A M Kuchling | Pyxml | All versions |
| Python | Python | All versions |
| Apache | Http Server | >= 2.0.35, < 2.0.64 |
References
- http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.13&r2Exploit
- http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?view=logMailing ListThird Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051228.hThird Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051247.hMailing ListThird Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051367.hThird Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051405.hThird Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051442.hThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.htmlThird Party AdvisoryVDB Entry
- http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.htmlThird Party AdvisoryVDB Entry
- http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.htmlThird Party AdvisoryVDB Entry
- http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.htmlThird Party AdvisoryVDB Entry
- http://lists.vmware.com/pipermail/security-announce/2010/000082.htmlBroken Link
- http://mail.python.org/pipermail/expat-bugs/2009-January/002781.htmlThird Party Advisory
- http://marc.info/?l=bugtraq&m=130168502603566&w=2Mailing ListThird Party Advisory
FAQ
What is CVE-2009-3720?
CVE-2009-3720 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (...
How severe is CVE-2009-3720?
CVE-2009-3720 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3720?
Check the references section above for vendor advisories and patch information. Affected products include: Libexpat Project Libexpat, A M Kuchling Pyxml, Python Python, Apache Http Server.