p5-HTML-Parser -- denial of service

2009-10-23T00:00:00
ID 68BDA678-CAAB-11DE-A97E-BE89DFD1042E
Type freebsd
Reporter FreeBSD
Modified 2009-10-23T00:00:00

Description

CVE reports:

The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character.