CVE-2009-3560 PUBLISHED

The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.

EPSS 2.83% · 86.1th percentile

Affected Products

| Vendor | Product | Versions |
| --- | --- | --- |
| Ubuntu:18.04:LTS | swish-e | 0, 2.4.7-5ubuntu1 |
| Ubuntu:20.04:LTS | swish-e | 2.4.7-6build2, 0, 2.4.7-6build1 |
| Ubuntu:18.04:LTS | matanza | 0.13+ds1-5build1, 0.13+ds1-6, 0 |
| Ubuntu:22.04:LTS | matanza | 0, 0.13+ds2-1 |
| Ubuntu:25.10 | sitecopy | 1:0.16.6-16build1, 1:0.16.6-16, 0 |
| Ubuntu:16.04:LTS | swish-e | 2.4.7-4, 0, 2.4.7-4build1 |
| Ubuntu:24.04:LTS | matanza | 0.13+ds2-1, 0, 0.13+ds2-1build2 |
| Ubuntu:22.04:LTS | swish-e | 2.4.7-6.1build1, 0, 2.4.7-6build3 |
| Ubuntu:16.04:LTS | matanza | 0, 0.13+ds1-5 |
| Ubuntu:18.04:LTS | coin3 | 3.1.4~abc9f50+dfsg2-1, 0, 3.1.4~abc9f50+dfsg3-2 |
| Ubuntu:20.04:LTS | matanza | 0.13+ds2-1, 0.13+ds1-6, 0 |
| Ubuntu:Pro:16.04:LTS | coin3 | 3.1.4~abc9f50+dfsg1-1ubuntu0.1~esm1, 3.1.4~abc9f50+dfsg1-1, 0 |
| Ubuntu:16.04:LTS | cableswig | 0.1.0+git20150808-2, 0, 0.1.0+git20150808-1 |
| Ubuntu:Pro:14.04:LTS | coin3 | 3.1.4~abc9f50-4ubuntu2, 3.1.4~abc9f50-4ubuntu2+esm1, 0 |
| Ubuntu:25.10 | swish-e | 2.4.7-7, 0, 2.4.7-6.3 |
| Ubuntu:24.04:LTS | swish-e | 2.4.7-6.2build2, 2.4.7-6.2build1, 2.4.7-6.2 |
| Ubuntu:25.10 | matanza | 0, 0.13+ds2-2 |
