CVE-2024-45492 | THREATINT

Description

An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

PUBLISHED Reserved 2024-08-30 | Published 2024-08-30 | Updated 2026-05-12 | Assigner mitre

References

security.netapp.com/advisory/ntap-20241018-0005/

lists.debian.org/debian-lts-announce/2024/09/msg00036.html

cert-portal.siemens.com/productcert/html/ssa-082556.html

cert-portal.siemens.com/productcert/html/ssa-613116.html

github.com/libexpat/libexpat/pull/892

github.com/libexpat/libexpat/issues/889

cve.org (CVE-2024-45492)

nvd.nist.gov (CVE-2024-45492)

Download JSON