CVE-2009-3627

Name: CVE-2009-3627
Description: The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-1923-1
NVD severity: medium (attack range: remote)
Debian Bugs: 552531

Vulnerable and fixed packages

The table below lists information on source packages.

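| Source Package | Release | Version | Status |
|---|---|---|---|
| libhtml-parser-perl (PTS) | wheezy | 3.69-2 | fixed |
| libhtml-parser-perl | jessie | 3.71-1 | fixed |
| libhtml-parser-perl | buster, sid, stretch | 3.72-3 | fixed |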

The information below is based on the following data on fixed versions.

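| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libhtml-parser-perl | source | (unstable) | 3.64-1 | medium | | 552531 |
| libhtml-parser-perl | source | etch | 3.55-1+etch1 | medium | DSA-1923-1 | |
| libhtml-parser-perl | source | lenny | 3.56-1+lenny1 | medium | DSA-1923-1 | |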

Notes

http://secunia.com/advisories/37155/
