CVE-2009-5016
PHP < 5.2.10 - Integer Overflow in xml_utf8_decode Function
Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870.
References (15)
http://www.vupen.com/english/advisories/2011/0077 (Third Party Advisory; vdb-entry; x_refsource_vupen)
http://www.securityfocus.com/bid/44889 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid)
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html (Mailing List, Third Party Advisory; vendor-advisory; x_refsource_fedora)
http://secunia.com/advisories/42812 (Third Party Advisory; third-party-advisory; x_refsource_secunia)
http://www.redhat.com/support/errata/RHSA-2011-0195.html (Vendor Advisory; vendor-advisory; x_refsource_redhat)
http://bugs.php.net/bug.php?id=49687 (Exploit; x_refsource_confirm)
http://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf (Exploit; x_refsource_misc)
http://www.ubuntu.com/usn/USN-1042-1 (Vendor Advisory; vendor-advisory; x_refsource_ubuntu)
http://www.redhat.com/support/errata/RHSA-2010-0919.html (Vendor Advisory; vendor-advisory; x_refsource_redhat)
http://www.vupen.com/english/advisories/2011/0021 (Third Party Advisory; vdb-entry; x_refsource_vupen)
http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html (Exploit; x_refsource_misc)
http://secunia.com/advisories/42410 (Third Party Advisory; third-party-advisory; x_refsource_secunia)
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html (Mailing List, Third Party Advisory; vendor-advisory; x_refsource_fedora)
http://www.vupen.com/english/advisories/2011/0020 (Third Party Advisory; vdb-entry; x_refsource_vupen)
http://www.vupen.com/english/advisories/2010/3081 (Third Party Advisory; vdb-entry; x_refsource_vupen)
Scores
EPSS: 0.0345
EPSS Percentile: 87.7%
Details
CWE: CWE-189
Status: published
Products (45)
php/php: 1.0, 2.0, 2.0b10, 3.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6
... and 35 more
Published: Nov 12, 2010
Tracked Since: Feb 18, 2026