Lucene search

K

Gentoo FoundationMGASA-2024-0294

HistorySep 11, 2024 - 11:42 p.m.

Updated expat packages fix security vulnerabilities

2024-09-1123:42:44

Gentoo Foundation

advisories.mageia.org

6

expat

security vulnerabilities

xml_parsebuffer

integer overflow

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. (CVE-2024-45490) An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). (CVE-2024-45491) An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). (CVE-2024-45492)

OSVersionArchitecturePackageVersionFilename
Mageia9noarchexpat< 2.6.3-1expat-2.6.3-1.mga9

References

www.slackware.com/security/viewer.php?l=slackware-security&y=2024&m=slackware-security.351556

bugs.mageia.org/show_bug.cgi?id=33547

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

Related for MGASA-2024-0294

slackware2 nessus21 fedora4 osv13 openvas15 oraclelinux1 redhat1 photon3 cloudlinux1 redos2 alpinelinux3 cve3 debiancve3 cbl_mariner3 vulnrichment3 redhatcve3 nvd3 cvelist3 ubuntucve1