In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.
oryginał ENCVSS Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:LLibexpat Project Libexpat
APPLibexpat Project< 2.8.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Memory
CWE
Referencje
Powiązane podatności
CVE-2024-45492CRITICAL9.8PL ✓ten sam produkt
Integer overflow w libexpat — podatność w nextScaffoldPart na platformach 32-bitowych
CVE-2024-45491CRITICAL9.8PL ✓ten sam produkt
Integer overflow w libexpat (dtdCopy) na platformach 32-bitowych
CVE-2022-25315CRITICAL9.8ten sam produkt
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
CVE-2022-25236CRITICAL9.8ten sam produkt
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into...
CVE-2022-25235CRITICAL9.8ten sam produkt
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for wh...