PT-2009-5900 · Html Parser · Html-Parser

Jan Iankko Lieskovsky

Published

2009-10-29

Updated

2024-06-15

CVE-2009-3627

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions HTML-Parser versions prior to 3.63

Description The issue allows context-dependent attackers to cause a denial of service, specifically an infinite loop, by providing an incomplete SGML numeric character reference. This triggers the generation of an invalid UTF-8 character through the decode entities function in util.c.

Recommendations For versions prior to 3.63, update to version 3.63 or later to resolve the issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2009-3627

DSA-1923-1

OPENSUSE-SU-2024:10369-1

Affected Products

Html-Parser

PT-2009-5900 · Html Parser · Html-Parser

CVE-2009-3627

Weakness Enumeration

Related Identifiers

Affected Products

References · 14