Vulnerable software:
  cpe:/a:derrick_oswald:html-parser:1.00
  cpe:/a:derrick_oswald:html-parser:1.1
  cpe:/a:derrick_oswald:html-parser:1.2
  cpe:/a:derrick_oswald:html-parser:1.3
  cpe:/a:derrick_oswald:html-parser:1.4
  cpe:/a:derrick_oswald:html-parser:1.5
  cpe:/a:derrick_oswald:html-parser:1.6
  cpe:/a:derrick_oswald:html-parser:1.41
  cpe:/a:derrick_oswald:html-parser:1.42
  cpe:/a:derrick_oswald:html-parser:3.54

CVE ID: CVE-2009-3627
Published: 2009-10-29T10:30:01.203-04:00
Last modified: 2017-08-16T21:31:12.350-04:00

CVSS:
  Score: 4.3
  Access vector: NETWORK
  Access complexity: MEDIUM
  Authentication: NONE
  Confidentiality impact: NONE
  Integrity impact: NONE
  Availability impact: PARTIAL
  Source: http://nvd.nist.gov
  Generated on: 2009-10-30T10:25:00.000-04:00

References:
  BID 36807
  SECUNIA 37155
  VUPEN ADV-2009-3022
  MLIST [oss-security] 20091023 CVE-2009-3627 assignment notification - HTML-Parser-3.63
  XF htmlparser-decodeentities-dos(53941)
  CONFIRM http://github.com/gisle/html-parser/commit/b9aae1e43eb2c8e989510187cff0ba3e996f9a4c
  CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=530604
  CONFIRM https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225

Summary: The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character.