Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2022-05481
HistoryJan 05, 2022 - 12:00 a.m.

Expat has an unspecified vulnerability

2022-01-0500:00:00
China National Vulnerability Database
www.cnvd.org.cn
23
expat
xml parser
vulnerability
storeatts
security
c
misbehavior

EPSS

0.01

Percentile

83.8%

Expat is a fast streaming XML parser written in C. A security vulnerability exists in Expat, which stems from the fact that in Expat (aka libexpat) prior to 2.4.3, the storeAtts function in xmlparse.c shifted left by 29 (or more) bits may cause realloc misbehavior (e.g., allocating too few bytes too few, or only releasing memory). No detailed vulnerability details are currently available.