FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-3560

This CVE name corresponds to:

Entered Topic
2010-10-06 apr -- multiple vulnerabilities
2009-12-08 expat2 -- buffer over-read and crash

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2009-3560
Phase Assigned(20091005)

Description

The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
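The description above names the bug class rather than the exact trigger: a converter that reads the next byte or code unit of a multi-unit sequence without first checking that it still lies inside the input buffer. The C program below is an added illustration of that class and of the guard that prevents it; it is not expat's big2_toUtf8, not the fix from xmlparse.c rev 1.165, and it does not reproduce the crash file from the expat or Red Hat bug reports. It converts UTF-16BE (the direction big2_toUtf8 handles) to UTF-8 with an explicit length check before every two- and four-byte read, and reports a sequence cut off by the end of the buffer as CONV_INCOMPLETE instead of reading the missing bytes. The sample inputs are constructed for this example, and the function and status names are the example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Outcome of converting one input buffer. */
typedef enum {
    CONV_OK = 0,          /* whole input consumed */
    CONV_INCOMPLETE = 1,  /* input ends mid code unit or after a high surrogate */
    CONV_INVALID = 2,     /* lone or reversed surrogate */
    CONV_OUTPUT_FULL = 3  /* output buffer too small */
} conv_status;

/*
 * Convert UTF-16BE in[0..in_len) to UTF-8 in out[0..out_cap).
 * Every multi-byte read is preceded by a length check, so the function never
 * touches in[in_len] or beyond. A truncated sequence at the end yields
 * CONV_INCOMPLETE, and *in_used tells a streaming caller where to resume once
 * more bytes arrive. (Illustrative code, not expat's big2_toUtf8.)
 */
conv_status utf16be_to_utf8(const unsigned char *in, size_t in_len,
                            unsigned char *out, size_t out_cap,
                            size_t *in_used, size_t *out_used)
{
    size_t i = 0, o = 0;
    conv_status st = CONV_OK;

    while (i < in_len) {
        /* Guard 1: a code unit is two bytes; a single byte left over is not
         * a licence to read in[i + 1] past the end of the buffer. */
        if (in_len - i < 2) { st = CONV_INCOMPLETE; break; }
        uint32_t cp = ((uint32_t)in[i] << 8) | in[i + 1];
        size_t consumed = 2;

        if (cp >= 0xD800 && cp <= 0xDBFF) {            /* high surrogate */
            /* Guard 2: the low surrogate is two more bytes; stop here if
             * the buffer ends right after the high surrogate. */
            if (in_len - i < 4) { st = CONV_INCOMPLETE; break; }
            uint32_t lo = ((uint32_t)in[i + 2] << 8) | in[i + 3];
            if (lo < 0xDC00 || lo > 0xDFFF) { st = CONV_INVALID; break; }
            cp = 0x10000 + (((cp - 0xD800) << 10) | (lo - 0xDC00));
            consumed = 4;
        } else if (cp >= 0xDC00 && cp <= 0xDFFF) {     /* lone low surrogate */
            st = CONV_INVALID; break;
        }

        /* Encode cp as 1..4 UTF-8 bytes, checking output space first. */
        size_t need = cp < 0x80 ? 1 : cp < 0x800 ? 2 : cp < 0x10000 ? 3 : 4;
        if (out_cap - o < need) { st = CONV_OUTPUT_FULL; break; }
        switch (need) {
        case 1: out[o] = (unsigned char)cp; break;
        case 2: out[o] = (unsigned char)(0xC0 | (cp >> 6));
                out[o + 1] = (unsigned char)(0x80 | (cp & 0x3F)); break;
        case 3: out[o] = (unsigned char)(0xE0 | (cp >> 12));
                out[o + 1] = (unsigned char)(0x80 | ((cp >> 6) & 0x3F));
                out[o + 2] = (unsigned char)(0x80 | (cp & 0x3F)); break;
        default: out[o] = (unsigned char)(0xF0 | (cp >> 18));
                out[o + 1] = (unsigned char)(0x80 | ((cp >> 12) & 0x3F));
                out[o + 2] = (unsigned char)(0x80 | ((cp >> 6) & 0x3F));
                out[o + 3] = (unsigned char)(0x80 | (cp & 0x3F)); break;
        }
        i += consumed;
        o += need;
    }
    *in_used = i;
    *out_used = o;
    return st;
}

/* Constructed samples for this example, not taken from any real crash file. */
const unsigned char SAMPLE_DOC[] = { 0x00,'<', 0x00,'a', 0x00,'/', 0x00,'>' }; /* "<a/>" */
const unsigned char SAMPLE_PAIR[] = { 0xD8,0x3D, 0xDE,0x00 };  /* U+1F600 as a surrogate pair */
const unsigned char SAMPLE_LONE_LOW[] = { 0xDE,0x00 };          /* low surrogate with no high */

int main(void)
{
    unsigned char out[16];
    size_t iu, ou;
    /* Feed the document with its last byte chopped off: the converter must
     * report INCOMPLETE at offset 6 instead of reading the missing byte. */
    conv_status st = utf16be_to_utf8(SAMPLE_DOC, sizeof SAMPLE_DOC - 1,
                                     out, sizeof out, &iu, &ou);
    printf("status=%d in_used=%zu out_used=%zu\n", (int)st, iu, ou);
    return st == CONV_INCOMPLETE ? 0 : 1;
}
```

Compile with `cc -std=c99 -Wall example.c`; the program exits 0 when the chopped sample is classified as incomplete rather than read past its end. A harness that feeds every prefix of a valid document through the converter is the cheapest way to exercise these boundary paths, because the over-read only appears when the cut lands inside a multi-unit sequence. On FreeBSD, `pkg audit -F` checks the installed packages against the VuXML database this page belongs to.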

References

Source Reference
MLIST [expat-bugs] 20091108 [ expat-Bugs-2894085 ] expat: buffer over-read and crash in big2_toUtf8()
MLIST [security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates
CONFIRM http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165
CONFIRM http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.165
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=533174
DEBIAN DSA-1953
FEDORA FEDORA-2009-12690
FEDORA FEDORA-2009-12716
FEDORA FEDORA-2009-12737
MANDRIVA MDVSA-2009:316
REDHAT RHSA-2011:0896
SLACKWARE SSA:2011-041-02
SUNALERT 273630
SUSE SUSE-SR:2010:001
SUSE SUSE-SR:2010:011
SUSE SUSE-SR:2010:012
SUSE SUSE-SR:2010:013
SUSE SUSE-SR:2010:014
UBUNTU USN-890-1
UBUNTU USN-890-6
BID 37203
OVAL oval:org.mitre.oval:def:10613
OVAL oval:org.mitre.oval:def:6883
OVAL oval:org.mitre.oval:def:12942
SECTRACK 1023278
SECUNIA 37537
SECUNIA 38231
SECUNIA 38794
SECUNIA 38832
SECUNIA 38834
SECUNIA 39478
SECUNIA 41701
SECUNIA 43300
VUPEN ADV-2010-0528
VUPEN ADV-2010-0896
VUPEN ADV-2010-1107
VUPEN ADV-2011-0359