cbcvebase.
CVE-2021-46143
published 2022-01-06

CVE-2021-46143: In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

Affected

11 ranges
VendorProductVersion rangeFixed in
debianexpat< expat 2.4.3-1 (bookworm)expat 2.4.3-1 (bookworm)
debianlibxmltok< expat 2.4.3-1 (bookworm)expat 2.4.3-1 (bookworm)
libexpat_projectlibexpat< 2.4.32.4.3
msrccbl2_expat_2.4.3-1_on_cbl_mariner_2.0
msrccm1_expat_2.4.3-1_on_cbl_mariner_1.0
netapphci_baseboard_management_controller
netapphci_baseboard_management_controller
netapphci_baseboard_management_controller
siemenssinema_remote_connect_server< 3.13.1
tenablenessus< 8.15.38.15.3
tenablenessus>= 10.0.0 < 10.1.110.1.1

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv8.8HIGH