The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2009-11-03T16:00:00
Updated: 2024-08-07T06:38:30.003Z
Reserved: 2009-10-16T00:00:00
Link: CVE-2009-3720
Vulnrichment
No data.
NVD
Status : Modified
Published: 2009-11-03T16:30:12.563
Modified: 2024-11-21T01:08:02.680
Link: CVE-2009-3720
Redhat