CVE-2024-50602 — Improper Check for Unusual or Exceptional Conditions in Project Libexpat

CWE-754 — Improper Check for Unusual or Exceptional Conditions11 documents10 sources

Severity

5.9MEDIUMNVD

EPSS

0.1%

top 68.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libexpat Project Libexpat Debian Linux

Timeline

PublishedOct 27

Latest updateApr 15

Description

An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages1 packages

▶NVDlibexpat_project/libexpat< 2.6.4

Also affects: Debian Linux 11.0

🔴Vulnerability Details

GHSA

GHSA-79wf-qgrg-2p6c: An issue was discovered in libexpat before 2↗2024-10-27

▶

OSV

CVE-2024-50602: An issue was discovered in libexpat before 2↗2024-10-27

▶

CVEList

CVE-2024-50602: An issue was discovered in libexpat before 2↗2024-10-27

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Applications Risk Matrix: Core (LibExpat) — CVE-2024-50602↗2025-04-15

▶

Oracle

Oracle Oracle Communications Risk Matrix: Alarms, KPI, and Measurements (LibExpat) — CVE-2024-50602↗2025-01-15

▶

Ubuntu

Expat vulnerability↗2024-12-10

▶

BSD

OpenBSD 7.5 Errata 014: SECURITY FIX↗2024-11-15

▶

Red Hat

libexpat: expat: DoS via XML_ResumeParser↗2024-10-27

▶