CVE-2021-46143
expat: Integer overflow in doProlog in xmlparse.c
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
En la función doProlog en el archivo xmlparse.c en Expat (también se conoce como libexpat) versiones anteriores a 2.4.3, se presenta un desbordamiento de enteros para m_groupSize.
expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality and integrity.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-01-06 CVE Reserved
- 2022-01-06 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-09-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20220121-0006 | Third Party Advisory |
|
| https://www.tenable.com/security/tns-2022-05 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://github.com/libexpat/libexpat/issues/532 | 2024-08-04 |
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2022/01/17/3 | 2022-10-06 | |
| https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf | 2022-10-06 | |
| https://github.com/libexpat/libexpat/pull/538 | 2022-10-06 |
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/202209-24 | 2022-10-06 | |
| https://www.debian.org/security/2022/dsa-5073 | 2022-10-06 | |
| https://access.redhat.com/security/cve/CVE-2021-46143 | 2022-11-08 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2044455 | 2022-11-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Libexpat Project Search vendor "Libexpat Project" | Libexpat Search vendor "Libexpat Project" for product "Libexpat" | < 2.4.3 Search vendor "Libexpat Project" for product "Libexpat" and version " < 2.4.3" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | - | vmware_vsphere |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Baseboard Management Controller Search vendor "Netapp" for product "Hci Baseboard Management Controller" | h610c Search vendor "Netapp" for product "Hci Baseboard Management Controller" and version "h610c" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Baseboard Management Controller Search vendor "Netapp" for product "Hci Baseboard Management Controller" | h610s Search vendor "Netapp" for product "Hci Baseboard Management Controller" and version "h610s" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Hci Baseboard Management Controller Search vendor "Netapp" for product "Hci Baseboard Management Controller" | h615c Search vendor "Netapp" for product "Hci Baseboard Management Controller" and version "h615c" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Oncommand Workflow Automation Search vendor "Netapp" for product "Oncommand Workflow Automation" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Solidfire \& Hci Management Node Search vendor "Netapp" for product "Solidfire \& Hci Management Node" | - | - |
Affected
| ||||||
| Tenable Search vendor "Tenable" | Nessus Search vendor "Tenable" for product "Nessus" | < 8.15.3 Search vendor "Tenable" for product "Nessus" and version " < 8.15.3" | - |
Affected
| ||||||
| Tenable Search vendor "Tenable" | Nessus Search vendor "Tenable" for product "Nessus" | >= 10.0.0 < 10.1.1 Search vendor "Tenable" for product "Nessus" and version " >= 10.0.0 < 10.1.1" | - |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Sinema Remote Connect Server Search vendor "Siemens" for product "Sinema Remote Connect Server" | < 3.1 Search vendor "Siemens" for product "Sinema Remote Connect Server" and version " < 3.1" | - |
Affected
| ||||||