CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-45492

CVSS 9.8v3.1pub. 2024-08-30upd. 2026-05-12

An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

🤖 AI Analysis
How it works

On 32-bit platforms where the value of UINT_MAX equals SIZE_MAX, an integer overflow occurs in the m_groupSize variable during XML document processing by the nextScaffoldPart function. The overflow can lead to improper memory operations, such as allocating a buffer that is too small or accessing beyond its boundaries. An attacker can provide a specially crafted XML document that triggers this flaw.

Impact

Successful exploitation of this vulnerability may allow an attacker to achieve remote code execution (RCE), compromise data confidentiality and integrity, and cause denial of service (DoS) in applications using the libexpat library on 32-bit platforms.

Mitigation & patch

Update libexpat to version 2.6.3 or newer. Additional information about available patches for specific distributions and systems can be found in the vendor's references and in advisories from Debian LTS, NetApp, and Siemens.

Who is affected

Libexpat (libexpat Project) in versions prior to 2.6.3, on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Libexpat Project Libexpat

    APP
    Libexpat Project
    < 2.6.3
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2024-45491CRITICAL9.8PL ✓ten sam produkt

Integer overflow w libexpat (dtdCopy) na platformach 32-bitowych

CVE-2022-25315CRITICAL9.8ten sam produkt

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

CVE-2022-25235CRITICAL9.8ten sam produkt

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for wh...

CVE-2022-25236CRITICAL9.8ten sam produkt

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into...

CVE-2022-23852CRITICAL9.8ten sam produkt

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a no...