CVE-2024-45490
Public on 2024-08-30
Modified on 2024-09-02
Description
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
CVSS v3 Base Score
See breakdown
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
| Platform | Package | Release Date | Advisory |
|---|---|---|---|
| Amazon Linux 1 | expat | 2025-01-09 | ALAS-2025-1953 |
| Amazon Linux 2 - Core | expat | 2024-12-19 | ALAS2-2024-2710 |
| Amazon Linux 2023 | expat | 2024-11-14 | ALAS2023-2024-759 |
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 7.4 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H |
| NVD | CVSSv3 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
