CVE-2011-1156

Current Description

feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0.1 allows remote attackers to cause a denial of service (application crash) via a malformed DOCTYPE declaration.

Basic Data

Published: April 11, 2011
Last Modified: August 24, 2011
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-399
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 5.0
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
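    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Mark Pilgrim | Feedparser | 3.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mark Pilgrim | Feedparser | 3.0.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mark Pilgrim | Feedparser | 3.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mark Pilgrim | Feedparser | 3.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mark Pilgrim | Feedparser | 3.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mark Pilgrim | Feedparser | 4.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mark Pilgrim | Feedparser | 4.0.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mark Pilgrim | Feedparser | 4.0.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mark Pilgrim | Feedparser | 4.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Mark Pilgrim | Feedparser | * | * | * | * | * | * | * | * | | 5.0 | | |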

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Mark Pilgrim | Feedparser | *, 3.0, 3.0.1, 3.1, 3.2, 3.3, 4.0, 4.0.1, 4.0.2, 4.1 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| [opensuse-updates] 20110408 openSUSE-SU-2011:0314-1 (moderate): python-feedparser security update | MLIST | http://lists.opensuse.org/opensuse-updates/2011-04/msg00026.html | |
| [oss-security] 20110314 CVE request for python-feedparser | MLIST | http://openwall.com/lists/oss-security/2011/03/14/18 | Patch |
| [oss-security] 20110315 Re: CVE request for python-feedparser | MLIST | http://openwall.com/lists/oss-security/2011/03/15/11 | Exploit, Patch |
| 43730 | SECUNIA | http://secunia.com/advisories/43730 | Vendor Advisory |
| 44074 | SECUNIA | http://secunia.com/advisories/44074 | Vendor Advisory |
| http://support.novell.com/security/cve/CVE-2011-1156.html | CONFIRM | http://support.novell.com/security/cve/CVE-2011-1156.html | |
| MDVSA-2011:082 | MANDRIVA | http://www.mandriva.com/security/advisories?name=MDVSA-2011:082 | |
| 46867 | BID | http://www.securityfocus.com/bid/46867 | |
| https://bugzilla.novell.com/show_bug.cgi?id=680074 | CONFIRM | https://bugzilla.novell.com/show_bug.cgi?id=680074 | Exploit, Patch |
| https://bugzilla.redhat.com/show_bug.cgi?id=684877 | CONFIRM | https://bugzilla.redhat.com/show_bug.cgi?id=684877 | |
| https://code.google.com/p/feedparser/issues/detail?id=91 | CONFIRM | https://code.google.com/p/feedparser/issues/detail?id=91 | Exploit, Patch |