XML Parse Buffer Vulnerability
CVE-2024-45490

7.5 HIGH

Key Information:

Vendor

libexpat

Status
Vendor
CVE Published: 30 August 2024

Badges

📰 News Worthy

What is CVE-2024-45490?

libexpat before version 2.6.3 contains a flaw in the XML parsing code in xmlparse.c. The XML_ParseBuffer function does not reject a negative length, which can lead to undefined behavior during XML processing. An attacker could exploit this weakness to cause program crashes or other undesirable behavior when an application parses maliciously crafted XML data.

News Articles

iOS 18.2—Update Now Warning Issued To All iPhone Users

Apple has issued iOS 18.2, along with the first major Apple Intelligence features and 21 updates you should apply to your iPhone now. Here's what you need to know.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by Forbes

  • Vulnerability published

  • Vulnerability Reserved
