Описание
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.
A flaw was found in libexpat. A local attacker could exploit an integer overflow vulnerability in the doContent function. This flaw occurs because the buffer size is not properly determined during tag buffer reallocation, which can lead to memory corruption. Successful exploitation may result in information disclosure and data integrity issues.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | expat | Not affected | ||
| Red Hat Enterprise Linux 6 | compat-expat1 | Not affected | ||
| Red Hat Enterprise Linux 6 | expat | Not affected | ||
| Red Hat Enterprise Linux 7 | expat | Not affected | ||
| Red Hat Enterprise Linux 8 | expat | Not affected | ||
| Red Hat Enterprise Linux 8 | mingw-expat | Not affected | ||
| Red Hat Enterprise Linux 9 | expat | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
6.9 Medium
CVSS3
Связанные уязвимости
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.
In libexpat before 2.7.4, the doContent function does not properly det ...
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.
EPSS
6.9 Medium
CVSS3