In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

References

www.openwall.com/lists/oss-security/2022/01/17/3

bugzilla.mozilla.org/show_bug.cgi?id=1217609

cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

github.com/libexpat/libexpat/issues/531

github.com/libexpat/libexpat/pull/534

security.gentoo.org/glsa/202209-24

security.netapp.com/advisory/ntap-20220121-0004/

www.debian.org/security/2022/dsa-5073

www.tenable.com/security/tns-2022-05

cbl_mariner 2

alpinelinux 1

amazon 2

githubexploit 3

cnvd 1

osv 7

prion 1

nessus 59

cve 1

redhatcve 1

debiancve 1

ubuntucve 1

veracode 1

nvd 1

ibm 25

f5 1

photon 6

openvas 29

slackware 1

mageia 1

hp 1

suse 1

altlinux 1

debian 2

redhat 11

cloudlinux 1

ubuntu 1

rocky 1

centos 1

oraclelinux 2

almalinux 1

cloudfoundry 1

ics 3

aix 1

gentoo 1

avleonov 1

cbl_mariner

CVE-2021-45960 affecting package expat 2.4.1-2

2022-01-26 22:53:38

CVE-2021-45960 affecting package expat for versions less than 2.4.3-1

2022-04-09 06:51:43

alpinelinux

CVE-2021-45960

2022-01-01 19:15:08

amazon

Medium: expat

2022-05-31 23:47:00

Medium: expat

2022-04-25 22:58:00

githubexploit

Exploit for Incorrect Calculation in Libexpat Project Libexpat

2022-04-11 11:45:57

Exploit for Incorrect Calculation in Libexpat Project Libexpat

2023-04-06 06:20:55

Exploit for Incorrect Calculation in Libexpat Project Libexpat

2022-05-25 09:03:48

cnvd

Expat has an unspecified vulnerability

2022-01-05 00:00:00

osv

CVE-2021-45960

2022-01-01 19:15:08

expat-2.4.3-1.1 on GA media

2024-06-15 00:00:00

expat - security update

2022-02-12 00:00:00

prion

Design/Logic Flaw

2022-01-01 19:15:00

nessus

Amazon Linux 2 : expat (ALAS-2022-1788)

2022-04-27 00:00:00

Amazon Linux AMI : expat (ALAS-2022-1588)

2022-06-10 00:00:00

RHEL 8 : expat (Unpatched Vulnerability)

2024-06-03 00:00:00

cve

CVE-2021-45960

2022-01-01 19:15:08

redhatcve

CVE-2021-45960

2022-01-24 16:55:56

debiancve

CVE-2021-45960

2022-01-01 19:15:08

ubuntucve

CVE-2021-45960

2022-01-01 00:00:00

veracode

Denial Of Service (DoS)

2022-01-18 22:23:06

nvd

CVE-2021-45960

2022-01-01 19:15:08

ibm

Security Bulletin: Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase ( CVE-2021-45960, CVE-2021-46143 )

2022-07-25 14:52:17

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server due to Expat vulnerabilities

2022-03-02 18:47:38

Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with WebSphere Remote Server

2022-03-04 19:18:28

K91589041 : Expat vulnerabilities CVE-2021-45960, CVE-2022-22825, CVE-2022-22826, and CVE-2022-22827

2022-05-01 00:00:00

photon

Important Photon OS Security Update - PHSA-2022-0354

2022-01-19 00:00:00

Important Photon OS Security Update - PHSA-2022-3.0-0354

2022-01-22 00:00:00

Critical Photon OS Security Update - PHSA-2022-0462

2022-01-22 00:00:00

openvas

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2023-1060)

2023-01-09 00:00:00

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2022-1529)

2022-04-25 00:00:00

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2022-2495)

2022-10-10 00:00:00

slackware

[slackware-security] expat

2022-01-16 21:48:11

mageia

Updated expat packages fix security vulnerability

2022-01-25 15:13:11

Expat Library update for Teradici PCoIP Software and Firmware

2022-04-11 00:00:00

suse

Security update for expat (important)

2022-01-25 00:00:00

altlinux

Security fix for the ALT Linux 9 package expat version 2.4.3-alt1

2022-01-31 00:00:00

debian

[SECURITY] [DLA 2904-1] expat security update

2022-01-30 21:42:20

[SECURITY] [DSA 5073-1] expat security update

2022-02-12 13:32:08

redhat

(RHSA-2022:0951) Important: expat security update

2022-03-16 15:13:06

(RHSA-2022:1069) Important: expat security update

2022-03-28 08:42:24

(RHSA-2022:7144) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update

2022-10-26 20:04:31

cloudlinux

Fixed 13 CVEs in expat

2022-08-17 18:50:48

ubuntu

Expat vulnerabilities

2022-02-21 00:00:00

rocky

expat security update

2022-03-16 15:13:06

centos

expat security update

2022-03-29 22:31:03

oraclelinux

expat security update

2022-03-28 00:00:00

expat security update

2022-03-16 00:00:00

almalinux

Important: expat security update

2022-03-16 00:00:00

cloudfoundry

USN-5288-1: Expat vulnerabilities | Cloud Foundry

2022-04-21 00:00:00

ics

Hitachi Energy AFS65x, AFF66x, AFS67x, and AFR67x Series Products

2023-10-05 12:00:00

Siemens SINEMA Remote Connect Server

2022-06-16 12:00:00

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

aix

AIX is affected by multiple vulnerabilities in Python

2022-07-28 13:12:18

gentoo

Expat: Multiple Vulnerabilities

2022-09-29 00:00:00

avleonov

Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs

2022-12-30 18:03:13

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

AI Score

9.4

Confidence

High

EPSS

0.01

Percentile

83.8%

JSON

Related for CVELIST:CVE-2021-45960