{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-45490", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-03-14T19:07:39.114Z", "dateReserved": "2024-08-30T00:00:00.000Z", "datePublished": "2024-08-30T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-08-30T02:10:04.584Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/libexpat/libexpat/pull/890"}, {"url": "https://github.com/libexpat/libexpat/issues/887"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-190", "lang": "en", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "affected": [{"vendor": "libexpat_project", "product": "libexpat", "cpes": ["cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2.6.3", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-30T18:17:03.200505Z", "id": "CVE-2024-45490", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-14T19:07:39.114Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20241018-0004/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-10-18T13:07:41.151Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20241018-0004/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-10-18T13:07:41.151Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-45490", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-30T18:17:03.200505Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*"], "vendor": "libexpat_project", "product": "libexpat", "versions": [{"status": "affected", "version": "0", "lessThan": "2.6.3", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-30T18:18:26.447Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/libexpat/libexpat/pull/890"}, {"url": "https://github.com/libexpat/libexpat/issues/887"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-08-30T02:10:04.584Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45490", "state": "PUBLISHED", "dateUpdated": "2025-03-14T19:07:39.114Z", "dateReserved": "2024-08-30T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-08-30T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "matchCriteriaId": "FDDF6E7A-AF1C-4370-B0B0-29A35C454FFB", "versionEndExcluding": "2.6.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en libexpat anterior a 2.6.3. xmlparse.c no rechaza una longitud negativa para XML_ParseBuffer."}], "id": "CVE-2024-45490", "lastModified": "2025-03-14T19:15:47.253", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-08-30T03:15:03.757", "references": [{"source": "[email protected]", "tags": ["Issue Tracking"], "url": "https://github.com/libexpat/libexpat/issues/887"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/libexpat/libexpat/pull/890"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20241018-0004/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "[email protected]", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-190"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:6989", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "expat-0:2.2.5-15.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:6754", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "expat-0:2.5.0-2.el9_4.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6754", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "expat-0:2.5.0-2.el9_4.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:7599", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "rhcos-416.94.202410020522-0", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2024-10-09T00:00:00Z"}, {"advisory": "RHSA-2024:9610", "cpe": "cpe:/a:redhat:openshift:4.17::el9", "package": "rhcos-417.94.202411070820-0", "product_name": "Red Hat OpenShift Container Platform 4.17", "release_date": "2024-11-19T00:00:00Z"}, {"advisory": "RHSA-2024:10135", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-config-sync-rhel9:1.4.7-3", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-11-21T00:00:00Z"}, {"advisory": "RHSA-2024:10135", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-flow-collector-rhel9:1.4.7-3", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-11-21T00:00:00Z"}, {"advisory": "RHSA-2024:10135", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-operator-bundle:1.4.7-4", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-11-21T00:00:00Z"}, {"advisory": "RHSA-2024:10135", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-router-rhel9:2.4.3-7", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-11-21T00:00:00Z"}, {"advisory": "RHSA-2024:10135", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-service-controller-rhel9:1.4.7-3", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-11-21T00:00:00Z"}, {"advisory": "RHSA-2024:10135", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-site-controller-rhel9:1.4.7-3", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-11-21T00:00:00Z"}, {"advisory": "RHSA-2024:7213", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-config-sync-rhel9:1.4.7-2", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7213", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-flow-collector-rhel9:1.4.7-2", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7213", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-operator-bundle:1.4.7-2", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7213", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-router-rhel9:2.4.3-6", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7213", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-service-controller-rhel9:1.4.7-2", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:7213", "cpe": "cpe:/a:redhat:service_interconnect:1.4::el9", "package": "service-interconnect/skupper-site-controller-rhel9:1.4.7-2", "product_name": "Service Interconnect 1.4 for RHEL 9", "release_date": "2024-09-26T00:00:00Z"}, {"advisory": "RHSA-2024:11109", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-config-sync-rhel9:1.5.5-4", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11109", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-controller-podman-container-rhel9:1.5.5-4", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11109", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-controller-podman-rhel9:1.5.5-4", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11109", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-flow-collector-rhel9:1.5.5-4", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11109", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-operator-bundle:1.5.5-4", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11109", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-router-rhel9:2.5.3-6", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11109", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-service-controller-rhel9:1.5.5-4", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2024:11109", "cpe": "cpe:/a:redhat:service_interconnect:1::el9", "package": "service-interconnect/skupper-site-controller-rhel9:1.5.5-4", "product_name": "Service Interconnect 1 for RHEL 9", "release_date": "2024-12-16T00:00:00Z"}, {"advisory": "RHSA-2025:3453", "cpe": "cpe:/a:redhat:jboss_core_services:1", "package": "expat", "product_name": "Text-Only JBCS", "release_date": "2025-04-02T00:00:00Z"}], "bugzilla": {"description": "libexpat: Negative Length Parsing Vulnerability in libexpat", "id": "2308615", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308615"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-190", "details": ["An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.", "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-45490", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "compat-expat1", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "mingw-expat", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "xmlrpc-c", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-08-30T03:15:03Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-45490\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-45490\nhttps://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes\nhttps://github.com/libexpat/libexpat/issues/887\nhttps://github.com/libexpat/libexpat/pull/890"], "statement": "The CVE-2024-45490 vulnerability is rated as moderate severity because while it allows for memory corruption through improper argument handling in XML_ParseBuffer, the exploitability is limited. Specifically, it requires an unlikely scenario where the input passed to the function has a negative length (len < 0), which would typically not occur in well-formed applications. Moreover, while the impact includes denial of service (DoS), the conditions necessary for arbitrary code execution are non-trivial, requiring specific exploitation of memory corruption. Since it primarily leads to application crashes without an easily accessible attack vector for remote code execution, the risk is lower compared to higher-severity vulnerabilities that offer more direct pathways to exploitation.\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-190: Integer Overflow or Wraparound vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\nBaseline configurations and configuration controls enforce secure system and software settings, while least functionality reduces the attack surface by disabling unnecessary services and ports. In the event of successful exploitation, process isolation ensures that memory corruption is contained within the originating process, preventing it from affecting other processes or the system as a whole. The environment leverages malicious code protections such as IPS/IDS and antimalware solutions. These controls help detect and prevent malicious code that attempts to exploit integer overflow vulnerabilities through mechanisms like file integrity checks and patch management. Finally, memory protection mechanisms such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) are used to enhance resilience against integer overflows and denial-of-service attacks.", "threat_severity": "Moderate"}