CRITICALβœ“ PATCHπŸ‡΅πŸ‡± Wersja polska

CVE-2024-45491

CVSS 9.8v3.1pub. 2024-08-30upd. 2026-05-12

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

πŸ€– AI Analysis
How it works

On 32-bit platforms, where UINT_MAX equals SIZE_MAX, the dtdCopy function during the copying of DTD definitions can cause an integer overflow for the nDefaultAtts variable. This overflow can result in incorrect calculation of allocated memory size, which consequently leads to memory corruption of the process handling XML data.

Impact

An attacker can remotely, without authentication, cause arbitrary code execution (RCE), disclosure of sensitive data, or denial of service (DoS) in an application using a vulnerable version of the libexpat library.

Mitigation & patch

The libexpat library should be updated to version 2.6.3 or later. Users of Debian distribution and NetApp and Siemens systems should apply patches available in the appropriate distribution channels according to vendor references.

Who is affected

Libexpat (libexpat Project) in versions before 2.6.3, running on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Libexpat Project Libexpat

    APP
    Libexpat Project
    < 2.6.3
🟒
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2024-45492CRITICAL9.8PL βœ“ten sam produkt

Integer overflow w libexpat β€” podatnoΕ›Δ‡ w nextScaffoldPart na platformach 32-bitowych

CVE-2022-25315CRITICAL9.8ten sam produkt

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

CVE-2022-25235CRITICAL9.8ten sam produkt

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for wh...

CVE-2022-25236CRITICAL9.8ten sam produkt

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into...

CVE-2022-23852CRITICAL9.8ten sam produkt

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a no...

CVE-2024-45491 β€” Libexpat Project β€” Libexpat β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl