PT-2021-6138 · Expat+12 · Expat+12

Hartwork

·

Published

2021-12-30

·

Updated

2026-04-01

·

CVE-2021-45960

CVSS v2.0

9.0

High

VectorAV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Expat (aka libexpat) versions prior to 2.4.3
Description The issue is related to a left shift by 29 (or more) places in the storeAtts function in xmlparse.c, which can lead to realloc misbehavior, such as allocating too few bytes or only freeing memory. This can cause a denial of service. Additionally, there is a mention of an integer overflow of addBinding in xmlparse.c, which could potentially allow a remote attacker to execute arbitrary code on the system by persuading a victim to open a specially-crafted file.
Recommendations For versions prior to 2.4.3, update to version 2.4.3 or later to resolve the issue. As a temporary workaround, consider disabling the storeAtts function until a patch is available. Restrict access to specially-crafted files to minimize the risk of exploitation.

Exploit

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-682

Related Identifiers

ALSA-2022:0951
ALT-PU-2022-1072
ALT-PU-2022-1130
ALT-PU-2022-1176
ALT-PU-2023-4107
AZL-7124
BDU:2022-01003
CESA-2022_0951
CESA-2022_1069
CLEANSTART-2026-EM10970
CLEANSTART-2026-MH09144
CLEANSTART-2026-YT18139
CVE-2021-45960
DLA-2904-1
DSA-5073-1
MGASA-2022-0031
OESA-2022-1490
OESA-2023-1464
OESA-2023-1465
OESA-2024-1815
OPENSUSE-SU-2022:0178-1
OPENSUSE-SU-2022_0178-1
OPENSUSE-SU-2024:11762-1
RHSA-2022:0951
RHSA-2022:1069
RHSA-2022_0951
RHSA-2022_1069
RLSA-2022:0951
SUSE-SU-2022:0178-1
SUSE-SU-2022:0179-1
SUSE-SU-2022:14878-1
SUSE-SU-2022_0178-1
SUSE-SU-2022_0179-1
SUSE-SU-2022_14878-1
USN-5288-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Expat
Ibm Aix
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu