PT-2009-6688 · Expat+5

Jan Lieskovsky · Published 1970-01-01 · Updated 2024-06-15 · CVE-2009-3560

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

expat versions prior to 2.1.0 beta3
lib64expat1 versions (affected versions not specified)
libexpat1-dev versions (affected versions not specified)
lib64expat1-dev versions (affected versions not specified)
libexpat1 versions (affected versions not specified)
libexpat1-udeb versions (affected versions not specified)

Description

The issue is related to multiple vulnerabilities in the expat library, which can lead to a denial of service due to a buffer over-read flaw. An attacker may be able to cause a crash by getting the system to parse an untrusted XML document, potentially leading to a disruption in the availability of protected information. These vulnerabilities can be exploited remotely.

Recommendations

For expat versions prior to 2.1.0 beta3, update to version 2.1.0 beta3 or later. For lib64expat1, libexpat1-dev, lib64expat1-dev, libexpat1, and libexpat1-udeb, there is currently no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Buffer Overflow


Weakness Enumeration

Related Identifiers

AZL-43780
AZL-44736
BDU:2015-02825
BDU:2015-02826
BDU:2015-02827
BDU:2015-02828
BDU:2015-02829
BDU:2015-09649
CVE-2009-3560
DSA-1953-1
DSA-1953-2
DSA-1977-1
HPSBUX02645
OPENSUSE-SU-2024:10077-1
OPENSUSE-SU-2024:10268-1
OPENSUSE-SU-2024:10568-1
OPENSUSE-SU-2024:11586-1
RHSA-2009:1625
RHSA-2009_1625
USN-890-1
USN-890-2
USN-890-3
USN-890-4
USN-890-5
USN-890-6

Affected Products

Apache HTTP Server
Debian
HP-UX
Red Hat
Expat
iTunes