CVE-2024-45491: Integer Overflow or Wraparound in Project Libexpat

Severity
NVD: 9.8 CRITICAL
OSV: 7.5
EPSS
0.6% (top 30.61%)
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Aug 30
Latest update: Sep 17

Description

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages: 1 package

Patches

Vulnerability Details (7)

OSV: libxmltok vulnerabilities (2024-09-17)
OSV: expat vulnerabilities (2024-09-17)
OSV: expat vulnerabilities (2024-09-12)
OSV: libxmltok vulnerabilities (2024-09-12)
CVEList: CVE-2024-45491: An issue was discovered in libexpat before 2 (2024-08-30)

Vendor Advisories (9)

Ubuntu: xmltok library vulnerabilities (2024-09-17)
BSD: OpenBSD 7.5 Errata 007: SECURITY FIX (2024-09-17)
Ubuntu: Expat vulnerabilities (2024-09-17)
BSD: OpenBSD 7.4 Errata 020: SECURITY FIX (2024-09-17)
Ubuntu: xmltok library vulnerabilities (2024-09-12)
Source: cvebase, CVE-2024-45491 (Integer Overflow or Wraparound)