CVE-2024-45490

CWE-611 — XML External Entity (XXE)CWE-190 — Integer Overflow37 documents10 sources

Severity

7.5HIGH

EPSS

0.5%

top 32.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libexpat Project Libexpat

Timeline

PublishedAug 30

Latest updateDec 11

Description

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDlibexpat_project/libexpat< 2.6.3

▶Debianexpat< 2.2.10-2+deb11u6+3

▶Ubuntuexpat< 2.2.9-1ubuntu0.7+5

▶Ubuntulibxmltok< 1.2-3ubuntu0.16.04.1~esm4+4

Patches

Patch: github.com ↗

🔴Vulnerability Details

OSV

expat vulnerabilities↗2024-09-17

▶

OSV

libxmltok vulnerabilities↗2024-09-17

▶

OSV

expat vulnerabilities↗2024-09-12

▶

OSV

libxmltok vulnerabilities↗2024-09-12

▶

CVEList

CVE-2024-45490: An issue was discovered in libexpat before 2↗2024-08-30

▶

📋Vendor Advisories

Apple

CVE-2024-45490: visionOS2.2↗2024-12-11

▶

Apple

CVE-2024-44225: macOSVentura13.7.2↗2024-12-11

▶

Apple

CVE-2024-54514: tvOS18.2↗2024-12-11

▶

Apple

CVE-2024-54514: macOS Sequoia 15.2↗2024-12-11

▶

Apple

CVE-2024-45490: iPadOS17.7.3↗2024-12-11

▶