First published: Sat Jan 01 2022(Updated: )
Expat (aka libexpat) is vulnerable to a denial of service, caused by a realloc misbehavior issue in the storeAtts function in xmlparse.c. By persuading a victim to open a specially-crafted XML content, a remote attacker could exploit this vulnerability to cause a the application to crash.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/expat | <0:2.1.0-14.el7_9 | 0:2.1.0-14.el7_9 |
redhat/expat | <0:2.2.5-4.el8_5.3 | 0:2.2.5-4.el8_5.3 |
debian/expat | <=2.2.6-2<=2.2.10-2<=2.2.6-2+deb10u1<=2.4.2-1 | 2.4.3-1 2.2.6-2+deb10u2 2.2.10-2+deb11u1 |
redhat/expat | <2.4.3 | 2.4.3 |
Libexpat Project Libexpat | <2.4.3 | |
Tenable Nessus | <8.15.3 | |
Tenable Nessus | >=10.0.0<10.1.1 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Siemens SINEMA Remote Connect Server | <3.1 | |
Netapp Active Iq Unified Manager Vmware Vsphere | ||
Netapp Hci Baseboard Management Controller | =h610c | |
Netapp Hci Baseboard Management Controller | =h610s | |
Netapp Hci Baseboard Management Controller | =h615c | |
NetApp OnCommand Workflow Automation | ||
Netapp Solidfire \& Hci Management Node | ||
debian/expat | 2.2.10-2+deb11u5 2.2.10-2+deb11u6 2.5.0-1+deb12u1 2.6.4-1 | |
IBM Cognos Analytics | <=12.0.0-12.0.3 | |
IBM Cognos Analytics | <=11.2.0-11.2.4 FP4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
CVE-2021-45960 is a vulnerability in Expat (libexpat) which can cause process interruption and unexpected termination due to buffer overrun when processing a large number of prefixed XML attributes on a single tag.
The severity of CVE-2021-45960 is critical with a CVSS score of 8.8.
Expat (libexpat) versions prior to 2.4.3 are affected by CVE-2021-45960.
To fix CVE-2021-45960, update Expat (libexpat) to version 2.4.3 or later.
Yes, you can find references for CVE-2021-45960 at the following links: [Link 1](https://github.com/libexpat/libexpat/issues/531), [Link 2](https://github.com/libexpat/libexpat/pull/534), [Link 3](https://bugzilla.mozilla.org/show_bug.cgi?id=1217609).