Critical Severity Vulnerability
This vulnerability has been rated as Critical severity. Immediate action is recommended.
CVE-2024-45491
Critical
Low
Medium
High
Critical
9.8
CVSS Score
Vulnerability Description
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
N
Scope
U
Confidentiality
H
Integrity
H
Availability
H
Known Affected Software
38 configuration(s) from 1 vendor(s)
libexpat
Version:
2.3.0
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.3.0:*:*:*:*:*:*:*
libexpat
Version:
2.2.2
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.2.2:*:*:*:*:*:*:*
libexpat
Version:
2.6.0
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.6.0:*:*:*:*:*:*:*
libexpat
Version:
2.4.8
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.4.8:*:*:*:*:*:*:*
libexpat
Version:
1.95.0
CPE:
cpe:2.3:a:libexpat_project:libexpat:1.95.0:*:*:*:*:*:*:*
libexpat
Version:
2.2.7
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.2.7:*:*:*:*:*:*:*
libexpat
Version:
1.95.4
CPE:
cpe:2.3:a:libexpat_project:libexpat:1.95.4:*:*:*:*:*:*:*
libexpat
Version:
2.0.0
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.0.0:*:*:*:*:*:*:*
libexpat
Version:
2.4.0
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.4.0:*:*:*:*:*:*:*
libexpat
Version:
2.1.0
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.1.0:*:*:*:*:*:*:*
libexpat
Version:
1.95.1
CPE:
cpe:2.3:a:libexpat_project:libexpat:1.95.1:*:*:*:*:*:*:*
libexpat
Version:
2.2.0
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.2.0:*:*:*:*:*:*:*
libexpat
Version:
2.2.8
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.2.8:*:*:*:*:*:*:*
libexpat
Version:
2.4.9
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.4.9:*:*:*:*:*:*:*
libexpat
Version:
2.2.5
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.2.5:*:*:*:*:*:*:*
libexpat
Version:
2.2.6
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.2.6:*:*:*:*:*:*:*
libexpat
Version:
2.2.3
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.2.3:*:*:*:*:*:*:*
libexpat
Version:
1.95.8
CPE:
cpe:2.3:a:libexpat_project:libexpat:1.95.8:*:*:*:*:*:*:*
libexpat
Version:
2.2.1
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.2.1:*:*:*:*:*:*:*
libexpat
Version:
2.2.4
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.2.4:*:*:*:*:*:*:*
libexpat
Version:
2.4.3
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.4.3:*:*:*:*:*:*:*
libexpat
Version:
1.95.5
CPE:
cpe:2.3:a:libexpat_project:libexpat:1.95.5:*:*:*:*:*:*:*
libexpat
Version:
2.4.4
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.4.4:*:*:*:*:*:*:*
libexpat
Version:
2.6.1
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.6.1:*:*:*:*:*:*:*
libexpat
Version:
2.2.10
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.2.10:*:*:*:*:*:*:*
libexpat
Version:
2.4.7
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.4.7:*:*:*:*:*:*:*
libexpat
Version:
1.95.6
CPE:
cpe:2.3:a:libexpat_project:libexpat:1.95.6:*:*:*:*:*:*:*
libexpat
Version:
1.95.2
CPE:
cpe:2.3:a:libexpat_project:libexpat:1.95.2:*:*:*:*:*:*:*
libexpat
Version:
2.5.0
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.5.0:*:*:*:*:*:*:*
libexpat
Version:
2.1.1
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.1.1:*:*:*:*:*:*:*
libexpat
Version:
1.95.7
CPE:
cpe:2.3:a:libexpat_project:libexpat:1.95.7:*:*:*:*:*:*:*
libexpat
Version:
2.6.2
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.6.2:*:*:*:*:*:*:*
libexpat
Version:
2.4.1
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.4.1:*:*:*:*:*:*:*
libexpat
Version:
2.0.1
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.0.1:*:*:*:*:*:*:*
libexpat
Version:
1.95.3
CPE:
cpe:2.3:a:libexpat_project:libexpat:1.95.3:*:*:*:*:*:*:*
libexpat
Version:
2.4.6
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.4.6:*:*:*:*:*:*:*
libexpat
Version:
2.2.9
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.2.9:*:*:*:*:*:*:*
libexpat
Version:
2.4.5
CPE:
cpe:2.3:a:libexpat_project:libexpat:2.4.5:*:*:*:*:*:*:*
This vulnerability affects 38 software configuration(s). Ensure you patch all affected systems.
Microsoft
2024-Oct-CVE-2024-45491
CVE-2024-45491: None
Severity
Unknown
Released
Oct 01, 2025
Security Update
Microsoft
2025-Mar-CVE-2024-45491
CVE-2024-45491: None
Severity
Unknown
Released
Sep 04, 2025
Security Update
Oracle
CPUJAN2025
Oracle Critical Patch Update Advisory - January 2025
Severity
Critical
Released
Jan 21, 2025
Restart Required
Security Update
References & Resources
-
https://github.com/libexpat/libexpat/issues/888cve@mitre.org Issue Tracking
-
https://github.com/libexpat/libexpat/pull/891cve@mitre.org Patch
-
https://lists.debian.org/debian-lts-announce/2024/09/msg00036.htmlaf854a3a-2127-422b-91ae-364da2661108
-
https://security.netapp.com/advisory/ntap-20241018-0003/af854a3a-2127-422b-91ae-364da2661108
Severity Details
9.8
out of 10.0
Critical
Weakness Type (CWE)
CWE-190
Top 25 #22
Integer Overflow or Wraparound
- Description
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value…
- Exploit Likelihood
- Medium
- Typical Severity
- High
- Abstraction Level
- Base
Key Information
- Published Date
- August 30, 2024
