Expat 2.0.1 - UTF-8 Character XML Parsing Remote Denial of Service

12 Nov 2009 00:00:00 | Reported by: Peter Valchev | Type: exploitdb | Source: www.exploit-db.com

Code
Bugtraq ID: 36097
Class: Input Validation Error

Published: Jan 17 2009 12:00AM
Updated: Nov 12 2009 08:06PM
Credit: Peter Valchev
Vulnerable: SuSE openSUSE 11.0
SuSE openSUSE 10.3
SuSE Linux 9
SuSE Linux 11
SuSE Linux 10.0
RedHat Fedora 11
RedHat Fedora 10
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux Desktop version 4
RedHat Desktop 3.0
Python Software Foundation Python 3.0.1
Python Software Foundation Python 2.6.2
Python Software Foundation Python 2.5.3
Python Software Foundation Python 2.5.2 r6
Python Software Foundation Python 2.5.2
Python Software Foundation Python 2.5.1
Python Software Foundation Python 2.4.5
Python Software Foundation Python 2.4.4 r14
Python Software Foundation Python 2.4.4
Python Software Foundation Python 2.4.3
+ Trustix Secure Linux 3.0.5
Python Software Foundation Python 2.4.2
Python Software Foundation Python 2.4.1
Python Software Foundation Python 2.4
Python Software Foundation Python 2.3.6
Python Software Foundation Python 2.3.5
Python Software Foundation Python 2.3.4
+ MandrakeSoft Linux Mandrake 10.1 x86_64
+ MandrakeSoft Linux Mandrake 10.1
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Python Software Foundation Python 2.3.3
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Linux Mandrake 10.0 AMD64
+ MandrakeSoft Linux Mandrake 10.0
+ MandrakeSoft Linux Mandrake 9.2 amd64
+ MandrakeSoft Linux Mandrake 9.2
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
Python Software Foundation Python 2.3.2
Python Software Foundation Python 2.3.1
Python Software Foundation Python 2.3 b1
Python Software Foundation Python 2.3
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
Python Software Foundation Python 2.2.3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux AS 3
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Python Software Foundation Python 2.2.2
+ OpenPKG OpenPKG 1.2
+ RedHat Linux 7.3
+ S.u.S.E. Linux Personal 8.2
Python Software Foundation Python 2.2.1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Linux Mandrake 9.0
+ OpenPKG OpenPKG 1.1
+ S.u.S.E. Linux 8.1
Python Software Foundation Python 2.2
+ Conectiva Linux 8.0
+ MandrakeSoft Linux Mandrake 8.2 ppc
+ MandrakeSoft Linux Mandrake 8.2
+ MandrakeSoft Linux Mandrake 8.1 ia64
+ MandrakeSoft Linux Mandrake 8.1
Python Software Foundation Python 2.1.3
+ Debian Linux 3.0
Python Software Foundation Python 2.1.2
Python Software Foundation Python 2.1.1
+ RedHat Linux 7.2
+ Sun Linux 5.0.7
Python Software Foundation Python 2.1
+ Conectiva Linux 7.0
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
Python Software Foundation Python 2.0.1
Python Software Foundation Python 2.0
+ MandrakeSoft Linux Mandrake 8.0 ppc
+ MandrakeSoft Linux Mandrake 8.0
Python Software Foundation Python 2.5
Pardus Linux 2009 0
Pardus Linux 2008 0
James Clark Expat 2.0.1
Gentoo Linux
Not Vulnerable: Python Software Foundation Python 3.1.1 

The Expat library is prone to a denial-of-service vulnerability because it fails to properly handle crafted XML data.

Exploiting this issue allows remote attackers to cause denial-of-service conditions in the context of an application using the vulnerable XML parsing library.

Expat 2.0.1 is vulnerable; other versions may also be affected. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/10206-1.gz (2009-11-22-36097.gz)
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/10206-2.gz (2009-11-22-36097-2.gz)

Vulners AI Score: 7.4 (High risk)