CVE-2009-3627

Metadata

CVE-2009-3627
4.3
github.com, openwall.com, securityfocus.com, vupen.com, bugzilla.redhat.com, exchange.xforce.ibmcloud.com, issues.apache.org
2009-10-29
2017-08-17 06:09

Description

The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character.

Related Vulnerabilities

platform vulnerability
CVE-2009-3627 libhtml-parser-perl
CVE-2009-3627