CVE-2009-3720: Medium severity IBM Engineering Requirements Management DOORS Web Access vulnerability
Peter Valchev discovered a flaw in the way expat handled malformed UTF-8 sequences when processing XML files. An incorrect UTF-8 sequence could cause expat to fail to detect the end of its input and continue reading beyond the end of the input buffer. This results in a crash once the read reaches unmapped memory.
Non-public upstream bug report: http://sourceforge.net/tracker/?func=detail&aid=1990430&group_id=10127&atid=110127
Contents of the report leaked via expat-bugs mailing list posts: http://mail.python.org/pipermail/expat-bugs/2009-January/002781.html
Upstream patch: http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.13&r2=1.15
References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551936 https://bugs.gentoo.org/show_bug.cgi?id=280615
Other sources
The Expat XML Parser is vulnerable to a denial of service, caused by an error when parsing UTF-8 sequences. A remote attacker could exploit this vulnerability to cause the application using the affected library to crash.
— IBM
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
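The failure mode described above (expat not stopping at the end of its input when character data ends in a malformed UTF-8 sequence) is what the following harness probes. It is an added example, not code from the expat project, from IBM, or from the bug report: it constructs XML documents whose character data ends in invalid or truncated UTF-8, feeds them to the expat build linked into Python (xml.parsers.expat) both as a single buffer and one byte at a time so that multi-byte sequences straddle buffer boundaries, and checks that every one is rejected with an ExpatError instead of being read past. The test vectors, the document wrapper and the function names are this example's own.

```python
"""Regression harness (added example) for CVE-2009-3720-style input:
XML documents whose character data ends in a malformed or truncated UTF-8
sequence, fed to the expat build that Python links against
(xml.parsers.expat). A patched expat must reject every one of them with an
ExpatError rather than reading past the end of its input buffer. All sample
bytes below are constructed for this example, not taken from the bug report."""
import xml.parsers.expat as expat

# Name -> bytes that are not valid UTF-8 (constructed test vectors).
MALFORMED_UTF8 = {
    "truncated_2byte_lead": b"\xc3",          # 2-byte lead with no continuation byte
    "truncated_3byte_lead": b"\xe2\x82",      # 3-byte sequence missing its last byte
    "truncated_4byte_lead": b"\xf0\x9f\x98",  # 4-byte sequence missing its last byte
    "bare_continuation": b"\x80",             # continuation byte with no lead byte
    "overlong_slash": b"\xc0\xaf",            # overlong (non-shortest) encoding of '/'
    "invalid_lead_byte": b"\xff",             # 0xFF never appears in UTF-8
}

# A well-formed 3-byte character (U+20AC, EURO SIGN) used as a control case.
VALID_UTF8 = "\u20ac".encode("utf-8")


def build_document(payload):
    """Wrap payload so the bytes under test are the last thing before the
    closing tag, i.e. right at the end of the character data."""
    return b'<?xml version="1.0" encoding="UTF-8"?><r>' + payload + b"</r>"


def parse_outcome(doc, chunk_size=None):
    """Parse doc with expat and classify the result.

    chunk_size=None pushes the whole document in one call; an integer pushes
    it chunk_size bytes at a time, so a multi-byte sequence can straddle a
    buffer boundary, which is where end-of-input handling matters.
    Returns "ok" or "rejected:<expat error message>".
    """
    parser = expat.ParserCreate()
    try:
        if chunk_size is None:
            parser.Parse(doc, True)
        else:
            for i in range(0, len(doc), chunk_size):
                parser.Parse(doc[i:i + chunk_size], False)
            parser.Parse(b"", True)  # signal end of input
    except expat.ExpatError as err:
        return "rejected:" + expat.ErrorString(err.code)
    return "ok"


def run_regression():
    """Return {name: {"whole": outcome, "chunked": outcome}} for every vector.

    Every malformed entry should be rejected in both modes; the control case
    should parse in both, showing that chunking alone does not cause errors."""
    results = {}
    cases = dict(MALFORMED_UTF8)
    cases["control_valid_euro"] = VALID_UTF8
    for name, payload in cases.items():
        doc = build_document(payload)
        results[name] = {
            "whole": parse_outcome(doc),
            "chunked": parse_outcome(doc, chunk_size=1),
        }
    return results


def all_malformed_rejected(results=None):
    """True when every malformed vector was rejected in both modes and the
    control case parsed cleanly; use this as the pass/fail signal."""
    results = results if results is not None else run_regression()
    for name, modes in results.items():
        expected_ok = name == "control_valid_euro"
        for outcome in modes.values():
            if (outcome == "ok") != expected_ok:
                return False
    return True


if __name__ == "__main__":
    print("expat version:", ".".join(map(str, expat.version_info)))
    for name, modes in run_regression().items():
        print(f"{name:24s} whole={modes['whole']!r:45s} chunked={modes['chunked']!r}")
    print("PASS" if all_malformed_rejected() else "FAIL")
```

Run it with the Python interpreter you actually deploy: the expat version it prints is the one that matters, because Python bundles its own copy of the library, so patching the system libexpat does not necessarily fix it. On an unpatched Expat 2.0.1 the symptom is the crash described above rather than a FAIL line, so run the harness in a sandbox or under a supervisor. A PASS shows that these particular sequences are rejected; it is not proof that no other over-read exists.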
Frequently Asked Questions
What is the severity of CVE-2009-3720?
CVE-2009-3720 is rated medium severity. Its impact is denial of service: a crafted XML document makes expat read beyond the end of its input buffer and the parsing application crashes. It does not lead to code execution or data disclosure.
How do I fix CVE-2009-3720?
To mitigate CVE-2009-3720, update the affected expat package, and any package that bundles its own copy of expat (such as python or PyXML), to the remedial versions specified in the advisory. The upstream fix is the lib/xmltok_impl.c patch referenced above.
Which software products are affected by CVE-2009-3720?
CVE-2009-3720 affects expat, python, and products such as IBM Engineering Requirements Management DOORS, along with Apache HTTP Server in specific versions.
What can happen if I don't address CVE-2009-3720?
Neglecting to address CVE-2009-3720 leaves any service that parses attacker-supplied XML with a vulnerable expat open to remote denial of service: a single document with malformed UTF-8 sequences crashes the process.
Who discovered the CVE-2009-3720 vulnerability?
CVE-2009-3720 was discovered by Peter Valchev.