VDB
CVE-2009-3627
CVE-2009-3627
PUBLISHED
CVSS 4.300000190734863 MEDIUM
The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character.
EPSS 0.73% · 73.0th percentile
Risk Scores
CVSS 2.0
4.300000190734863
EPSS Score
0.73%
73.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| derrick_oswald | html-parser | 1.1, 0, 1.00 |
| n/a | n/a | * |
Timeline
- Oct 29, 2009 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- ADV-2009-3022 vdb
- [oss-security] 20091023 CVE-2009-3627 assignment notification - HTML-Parser-3.63 mailing-list
- htmlparser-decodeentities-dos(53941) vdb
- https://bugzilla.redhat.com/show_bug.cgi?id=530604 url
- 36807 vdb
- 37155 third-party-advisory
- https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225 url
- http://github.com/gisle/html-parser/commit/b9aae1e43eb2c8e989510187cff0ba3e996f9a4c url
- https://nvd.nist.gov/vuln/detail/CVE-2009-3627 advisory