CVSS: 3.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-28044 – Liteos-A has an integer overflow vulnerability
https://notcve.org/view.php?id=CVE-2024-28044
in OpenHarmony v4.1.0 and prior versions allow a local attacker cause crash through integer overflow. en OpenHarmony v4.1.0 y versiones anteriores, se permite que un atacante local provoque un bloqueo a través de un desbordamiento de enteros. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-09.md • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-45491 – libexpat: Integer Overflow or Wraparound
https://notcve.org/view.php?id=CVE-2024-45491
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). An issue was found in libexpat’s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX. • https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-45490 – libexpat: Negative Length Parsing Vulnerability in libexpat
https://notcve.org/view.php?id=CVE-2024-45490
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function. • https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2024-45492 – libexpat: integer overflow
https://notcve.org/view.php?id=CVE-2024-45492
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). ... It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX. • https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 • CWE-190: Integer Overflow or Wraparound •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-43828 – ext4: fix infinite loop when replaying fast_commit
https://notcve.org/view.php?id=CVE-2024-43828
ext4_ext_determine_insert_hole() does not detect the replay and calls ext4_es_find_extent_range(), which will return immediately without initializing the 'es' variable. Because 'es' contains garbage, an integer overflow may happen causing an infinite loop in this function, easily reproducible using fstest generic/039. This commit fixes this issue by unconditionally initializing the structure in function ext4_es_find_extent_range(). Thanks to Zhang Yi, for figuring out the real problem! • https://git.kernel.org/stable/c/8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 https://git.kernel.org/stable/c/5ed0496e383cb6de120e56991385dce70bbb87c1 https://git.kernel.org/stable/c/0619f7750f2b178a1309808832ab20d85e0ad121 https://git.kernel.org/stable/c/181e63cd595c688194e07332f9944b3a63193de2 https://git.kernel.org/stable/c/c6e67df64783e99a657ef2b8c834ba2bf54c539c https://git.kernel.org/stable/c/81f819c537d29932e4b9267f02411cbc8b355178 https://git.kernel.org/stable/c/907c3fe532253a6ef4eb9c4d67efb71fab58c706 •