Integer Overflow or Wraparound Affecting expat-debugsource package, versions <0:2.2.5-15.el8_10
Threat Intelligence
EPSS
0.09% (41st
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-ROCKY8-EXPATDEBUGSOURCE-8134677
- published 1 Oct 2024
- disclosed 30 Aug 2024
Introduced: 30 Aug 2024
CVE-2024-45492 Open this link in a new tabHow to fix?
Upgrade Rocky-Linux:8
expat-debugsource
to version 0:2.2.5-15.el8_10 or higher.
This issue was patched in RLSA-2024:6989
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream expat-debugsource
package and not the expat-debugsource
package as distributed by Rocky-Linux
.
See How to fix?
for Rocky-Linux:8
relevant fixed versions and status.
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
CVSS Scores
version 3.1