FreeBSD : expat2 -- buffer over-read and crash (e9fca207-e399-11de-881e-001aa0166822)
Medium Nessus Plugin ID 43038
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
CVE reports:
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c.
Solution
Update the affected package.