CVE-2024-45492
libexpat: integer overflow
Severity Score
7.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.
This update for mozjs115 fixes the following issues. Fixed negative len for XML_ParseBuffer in embedded expat. Fixed integer overflow in dtdCopy in embedded expat. Fixed integer overflow in function nextScaffoldPart in embedded expat.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-08-30 CVE Reserved
- 2024-08-30 CVE Published
- 2024-10-18 CVE Updated
- 2024-11-01 First Exploit
- 2025-06-26 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://github.com/libexpat/libexpat/issues/889 | ||
| https://github.com/libexpat/libexpat/pull/892 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/nidhihcl75/external_expat_2.6.2_CVE-2024-45492 | 2024-11-01 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-45492 | 2024-11-19 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2308617 | 2024-11-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Libexpat Search vendor "Libexpat" | Expat Search vendor "Libexpat" for product "Expat" | * | - |
Affected
| ||||||
| Libexpat Project Search vendor "Libexpat Project" | Libexpat Search vendor "Libexpat Project" for product "Libexpat" | * | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | * | - |
Affected
| ||||||
| Alma Search vendor "Alma" | Linux Search vendor "Alma" for product "Linux" | * | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | * | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | * | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | * | - |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | * | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | * | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Linux Search vendor "Oracle" for product "Linux" | * | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | * | - |
Affected
| ||||||
| Rocky Search vendor "Rocky" | Linux Search vendor "Rocky" for product "Linux" | * | - |
Affected
| ||||||
| Slackware Search vendor "Slackware" | Slackware Linux Search vendor "Slackware" for product "Slackware Linux" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Packagehub Search vendor "Suse" for product "Packagehub" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle-module-basesystem Search vendor "Suse" for product "Sle-module-basesystem" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle-module-desktop-applications Search vendor "Suse" for product "Sle-module-desktop-applications" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle-sdk Search vendor "Suse" for product "Sle-sdk" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sle Hpc Search vendor "Suse" for product "Sle Hpc" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sled Search vendor "Suse" for product "Sled" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sles Search vendor "Suse" for product "Sles" | * | - |
Affected
| ||||||
| Suse Search vendor "Suse" | Sles Sap Search vendor "Suse" for product "Sles Sap" | * | - |
Affected
| ||||||