PT-2024-10120 · Libexpat+11
Hartwork · Published 2024-10-27 · Updated 2026-04-01 · CVE-2024-50602
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
libexpat versions prior to 2.6.4
Description
The issue is in the XML_ResumeParser function of the libexpat library, which can crash because of insufficient checking of unusual or exceptional states. A remote attacker can exploit this to cause a denial of service. The XML_StopParser function can stop or suspend an unstarted parser, which leads to the crash.
Recommendations
For libexpat versions prior to 2.6.4, update to version 2.6.4 or later to resolve the issue. As a temporary workaround, consider disabling the XML_ResumeParser function until a patch is available. Restrict access to the XML_StopParser function to minimize the risk of exploitation.
Fix
DoS
Improper Check for Exceptional Conditions
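To act on the version boundary in the recommendation above, the following added example (not part of the advisory or of libexpat) reports which libexpat version a Python runtime and the system shared library expose, and compares each against 2.6.4. The helper names are hypothetical; `pyexpat.EXPAT_VERSION` and `XML_ExpatVersion` are the real interfaces queried, and a standard (non-UTF-16) libexpat build is assumed.

```python
import ctypes
import ctypes.util
import re
import pyexpat

FIXED = (2, 6, 4)  # first fixed release named in the advisory


def parse_expat_version(text):
    """Turn 'expat_2.6.3' or '2.6.3' into (2, 6, 3); None if unrecognised."""
    m = re.fullmatch(r"(?:expat_)?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(part) for part in m.groups()) if m else None


def is_affected(version):
    """Numeric tuple comparison, so (2, 10, 0) correctly sorts after (2, 6, 4)."""
    return version < FIXED


def python_bundled_version():
    """Version reported by the libexpat that this interpreter's pyexpat uses."""
    return parse_expat_version(pyexpat.EXPAT_VERSION)


def system_library_version():
    """Version reported by the shared libexpat on the loader path, if any."""
    name = ctypes.util.find_library("expat")
    if name is None:
        return None
    try:
        lib = ctypes.CDLL(name)
        lib.XML_ExpatVersion.restype = ctypes.c_char_p  # assumes a non-UTF-16 build
        return parse_expat_version(lib.XML_ExpatVersion().decode("ascii"))
    except (OSError, AttributeError, UnicodeDecodeError):
        return None


def audit():
    """Map each copy of libexpat looked for to a status string."""
    found = {"pyexpat": python_bundled_version(),
             "system libexpat": system_library_version()}
    return {name: "not found" if v is None
            else ("affected " if is_affected(v) else "fixed ") + ".".join(map(str, v))
            for name, v in found.items()}


if __name__ == "__main__":
    for name, status in audit().items():
        print(f"{name}: {status}")
```

Distribution packages can carry the fix under an older upstream version number, so confirm an "affected" result against the vendor's advisory for that package.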
Weakness Enumeration
Related Identifiers
Affected Products
AlmaLinux
Astra Linux
CentOS
Debian
IBM AIX
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
libexpat