Описание
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
An issue was found in libexpat’s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.
Отчет
This vulnerability is classified as Moderate severity rather than Important due to its reliance on specific conditions for exploitation. The integer overflow in dtdCopy affecting nDefaultAtts is limited to 32-bit platforms, reducing the attack surface as many modern systems operate on 64-bit architectures. Additionally, while the impact can lead to denial of service and potentially arbitrary code execution, the latter requires precise manipulation of the overflow condition, which may be non-trivial for attackers to achieve reliably. The constrained platform scope and the complexity of exploitation lower the overall severity, though it still poses a risk in environments where 32-bit systems are prevalent.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | expat | Not affected | ||
| Red Hat Enterprise Linux 6 | compat-expat1 | Out of support scope | ||
| Red Hat Enterprise Linux 6 | expat | Out of support scope | ||
| Red Hat Enterprise Linux 7 | expat | Out of support scope | ||
| Red Hat Enterprise Linux 7 | firefox | Out of support scope | ||
| Red Hat Enterprise Linux 7 | thunderbird | Out of support scope | ||
| Red Hat Enterprise Linux 8 | firefox | Will not fix | ||
| Red Hat Enterprise Linux 8 | mingw-expat | Will not fix | ||
| Red Hat Enterprise Linux 8 | thunderbird | Will not fix | ||
| Red Hat Enterprise Linux 9 | firefox | Will not fix |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse. ...
7.5 High
CVSS3