CVE-2021-45960

high

Description

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

References

Advisories
More

https://www.tenable.com/security/tns-2022-05

https://www.debian.org/security/2022/dsa-5073

https://security.netapp.com/advisory/ntap-20220121-0004/

https://security.gentoo.org/glsa/202209-24

https://github.com/libexpat/libexpat/pull/534

https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

https://bugzilla.mozilla.org/show_bug.cgi?id=1217609

https://github.com/libexpat/libexpat/issues/531

http://www.openwall.com/lists/oss-security/2022/01/17/3

Details

Source: Mitre, NVD

Published: 2022-01-01

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H