CVE-2024-45490

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/libexpat/libexpat/issues/887	Issue Tracking
https://github.com/libexpat/libexpat/pull/890	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*

History

18 Oct 2024, 12:24

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~9.8~~	v2 : unknown v3 : 7.5

04 Sep 2024, 14:28

Type	Values Removed	Values Added
CPE		cpe:2.3:a:libexpat_project:libexpat::::::::
First Time		Libexpat Project libexpat Libexpat Project
CWE		CWE-611
References	~~() https://github.com/libexpat/libexpat/issues/887 -~~	() https://github.com/libexpat/libexpat/issues/887 - Issue Tracking
References	~~() https://github.com/libexpat/libexpat/pull/890 -~~	() https://github.com/libexpat/libexpat/pull/890 - Patch

30 Aug 2024, 19:35

Type	Values Removed	Values Added
Summary		(es) Se descubrió un problema en libexpat anterior a 2.6.3. xmlparse.c no rechaza una longitud negativa para XML_ParseBuffer.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8

30 Aug 2024, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-30 03:15

Updated : 2024-10-18 12:24

NVD link : CVE-2024-45490

Mitre link : CVE-2024-45490

CVE.ORG link : CVE-2024-45490

JSON object : View

Products Affected

libexpat_project

libexpat

CWE

CWE-611

Improper Restriction of XML External Entity Reference

7.5 /10