Vulnerabilities

CVE-2009-3627

by Fred · 29/10/2009

The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character.

Date published : 2009-10-29

http://www.securityfocus.com/bid/36807

http://github.com/gisle/html-parser/commit/b9aae1e43eb2c8e989510187cff0ba3e996f9a4c

Similar

Tags: Cybersecurity Alert