Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2009-3720HistoryNov 03, 2009 - 4:30 p.m.
CVE-2009-3720
2009-11-0316:30:00
Debian Security Bug Tracker
security-tracker.debian.org
20
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.032 Low
EPSS
Percentile
91.1%
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | audacity | < 1.3.2-1 | audacity_1.3.2-1_all.deb |
| Debian | 11 | all | audacity | < 1.3.2-1 | audacity_1.3.2-1_all.deb |
| Debian | 10 | all | audacity | < 1.3.2-1 | audacity_1.3.2-1_all.deb |
| Debian | 999 | all | audacity | < 1.3.2-1 | audacity_1.3.2-1_all.deb |
| Debian | 13 | all | audacity | < 1.3.2-1 | audacity_1.3.2-1_all.deb |
| Debian | 12 | all | cadaver | <= 0.24+dfsg-1 | cadaver_0.24+dfsg-1_all.deb |
| Debian | 11 | all | cadaver | <= 0.23.3-2.1 | cadaver_0.23.3-2.1_all.deb |
| Debian | 10 | all | cadaver | <= 0.23.3-2.1 | cadaver_0.23.3-2.1_all.deb |
| Debian | 999 | all | cadaver | <= 0.24+dfsg-3 | cadaver_0.24+dfsg-3_all.deb |
| Debian | 13 | all | cadaver | <= 0.24+dfsg-3 | cadaver_0.24+dfsg-3_all.deb |
Related
nessus
nessus
Mandriva Linux Security Advisory : wxgtk (MDVSA-2009:213-1)
2009-08-24 00:00:00
Mandriva Linux Security Advisory : kompozer (MDVSA-2009:219-1)
2009-08-25 00:00:00
Mandriva Linux Security Advisory : audacity (MDVSA-2009:215-1)
2009-08-24 00:00:00
prion
prion
Buffer overflow
2009-11-03 16:30:00
Buffer overflow
2009-12-04 21:30:00
ubuntucve
ubuntucve
openvas
openvas
Mandriva Security Advisory MDVSA-2009:219-1 (kompozer)
2009-12-10 00:00:00
Mandriva Security Advisory MDVSA-2009:219-1 (kompozer)
2009-12-10 00:00:00
Mandriva Security Advisory MDVSA-2009:218-1 (w3c-libwww)
2009-12-10 00:00:00
cve
cve
CVE-2009-3720
2009-11-03 16:30:00
CVE-2009-3560
2009-12-04 21:30:00
f5
f5
SOL15905 - Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720
2014-12-11 00:00:00
K15905 : Expat vulnerabilities CVE-2009-3560 and CVE-2009-3720
2015-03-16 00:00:00
ubuntu
ubuntu
Python 2.4 vulnerabilities
2010-01-22 00:00:00
XML-RPC for C and C++ vulnerabilities
2010-02-18 00:00:00
CMake vulnerabilities
2010-04-15 00:00:00
debiancve
debiancve
CVE-2009-3560
2009-12-04 21:30:00
slackware
slackware
[slackware-security] expat
2011-02-11 01:17:08
freebsd
freebsd
libwww -- multiple vulnerabilities
2005-10-12 00:00:00
expat2 -- Parser crash with specially formatted UTF-8 sequences
2009-01-17 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: SimGear-2.0.0-5.fc15
2011-04-26 16:26:08
[SECURITY] Fedora 13 Update: SimGear-2.0.0-5.fc13
2011-04-29 22:18:11
[SECURITY] Fedora 11 Update: expat-2.0.1-6.fc11.1
2009-11-04 12:31:44
redhat
redhat
(RHSA-2009:1572) Moderate: 4Suite security update
2009-11-10 00:00:00
(RHSA-2010:0002) Moderate: PyXML security update
2010-01-04 00:00:00
httpd
httpd
Apache Httpd < 2.0.64 : expat DoS
2009-08-21 00:00:00
Apache Httpd < 2.2.17 : expat DoS
2009-08-21 00:00:00
centos
centos
PyXML security update
2010-01-04 23:32:13
4Suite security update
2009-11-10 21:28:54
altlinux
altlinux
Security fix for the ALT Linux 5 package centerim version 4.22.10-alt1
2010-11-24 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:55:28
oraclelinux
oraclelinux
PyXML security update
2010-01-04 00:00:00
4Suite security update
2009-11-10 00:00:00
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.032 Low
EPSS
Percentile
91.1%
Related for DEBIANCVE:CVE-2009-3720