PT-2024-6339 · Libexpat+11 · Libexpat+11
Taiyou
·
Published
2024-08-26
·
Updated
2026-04-01
·
CVE-2024-45492
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
libexpat versions prior to 2.6.3
Description
An issue was discovered in libexpat, where the
nextScaffoldPart function in xmlparse.c can have an integer overflow for m groupSize on 32-bit platforms. This can allow a remote attacker to cause a denial of service or execute arbitrary code. The issue is related to the failure to properly handle integer overflows, which can lead to security vulnerabilities.Recommendations
For libexpat versions prior to 2.6.3, update to version 2.6.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the
nextScaffoldPart function in xmlparse.c to minimize the risk of exploitation. Avoid using libexpat on 32-bit platforms until the issue is resolved.Fix
DoS
Integer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Centos
Debian
Ibm Aix
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Libexpat