Описание
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.
Отчет
CVE-2024-45492 is categorized as a Moderate severity issue rather than Important due to the specific conditions required for exploitation and the limited scope of impact. While an integer overflow in the nextScaffoldPart function on 32-bit platforms can potentially lead to denial of service (DoS) or, in rare cases, arbitrary code execution, the vulnerability is platform-specific, affecting only 32-bit architectures with particular handling of UINT_MAX and SIZE_MAX. Additionally, exploiting the overflow for arbitrary code execution would require precise manipulation of memory, making it a less likely attack vector. The primary risk of DoS, without guaranteed escalation to remote code execution, further justifies the moderate severity classification.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | expat | Not affected | ||
| Red Hat Enterprise Linux 6 | compat-expat1 | Out of support scope | ||
| Red Hat Enterprise Linux 6 | expat | Out of support scope | ||
| Red Hat Enterprise Linux 7 | expat | Out of support scope | ||
| Red Hat Enterprise Linux 7 | firefox | Out of support scope | ||
| Red Hat Enterprise Linux 7 | thunderbird | Out of support scope | ||
| Red Hat Enterprise Linux 8 | firefox | Will not fix | ||
| Red Hat Enterprise Linux 8 | mingw-expat | Will not fix | ||
| Red Hat Enterprise Linux 8 | thunderbird | Will not fix | ||
| Red Hat Enterprise Linux 8 | xmlrpc-c | Affected |
Показывать по
Дополнительная информация
Статус:
6.2 Medium
CVSS3
Связанные уязвимости
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in ...
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
6.2 Medium
CVSS3