First published: Thu Jan 06 2022(Updated: )
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/expat | <0:2.1.0-14.el7_9 | 0:2.1.0-14.el7_9 |
redhat/expat | <0:2.2.5-4.el8_5.3 | 0:2.2.5-4.el8_5.3 |
redhat/xmlrpc-c | <0:1.51.0-8.el8 | 0:1.51.0-8.el8 |
redhat/expat | <2.4.3 | 2.4.3 |
debian/expat | 2.2.6-2+deb10u4 2.2.6-2+deb10u7 2.2.10-2+deb11u5 2.5.0-1 2.6.2-1 | |
Libexpat Project Libexpat | <2.4.3 | |
Netapp Active Iq Unified Manager Vmware Vsphere | ||
NetApp Clustered Data ONTAP | ||
Netapp Hci Baseboard Management Controller | =h610c | |
Netapp Hci Baseboard Management Controller | =h610s | |
Netapp Hci Baseboard Management Controller | =h615c | |
NetApp OnCommand Workflow Automation | ||
Netapp Solidfire \& Hci Management Node | ||
Tenable Nessus | <8.15.3 | |
Tenable Nessus | >=10.0.0<10.1.1 | |
Siemens SINEMA Remote Connect Server | <3.1 | |
ubuntu/expat | <2.2.5-3ubuntu0.4 | 2.2.5-3ubuntu0.4 |
ubuntu/expat | <2.2.9-1ubuntu0.2 | 2.2.9-1ubuntu0.2 |
ubuntu/expat | <2.4.1-2ubuntu0.1 | 2.4.1-2ubuntu0.1 |
ubuntu/expat | <2.4.3-1 | 2.4.3-1 |
ubuntu/expat | <2.4.3-1 | 2.4.3-1 |
ubuntu/expat | <2.4.3-1 | 2.4.3-1 |
ubuntu/expat | <2.4.3-1 | 2.4.3-1 |
ubuntu/expat | <2.4.3-1 | 2.4.3-1 |
ubuntu/expat | <2.1.0-4ubuntu1.4+ | 2.1.0-4ubuntu1.4+ |
ubuntu/expat | <2.1.0-7ubuntu0.16.04.5+ | 2.1.0-7ubuntu0.16.04.5+ |
ubuntu/firefox | <98.0+ | 98.0+ |
ubuntu/firefox | <98.0+ | 98.0+ |
ubuntu/firefox | <98.0+ | 98.0+ |
ubuntu/firefox | <1:1 | 1:1 |
ubuntu/firefox | <1:1 | 1:1 |
ubuntu/firefox | <1:1 | 1:1 |
ubuntu/firefox | <1:1 | 1:1 |
ubuntu/firefox | <1:1 | 1:1 |
ubuntu/firefox | <98 | 98 |
ubuntu/libxmltok | <1.2-4ubuntu0.18.04.1~ | 1.2-4ubuntu0.18.04.1~ |
ubuntu/libxmltok | <1.2-4ubuntu0.20.04.1~ | 1.2-4ubuntu0.20.04.1~ |
ubuntu/libxmltok | <1.2-4ubuntu0.22.04.1~ | 1.2-4ubuntu0.22.04.1~ |
ubuntu/libxmltok | <1.2-3ubuntu0.16.04.1~ | 1.2-3ubuntu0.16.04.1~ |
https://github.com/libexpat/libexpat/pull/538/commits/85ae9a2d7d0e9358f356b33977b842df8ebaec2b
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
The vulnerability ID is CVE-2021-46143.
The severity level of CVE-2021-46143 is high with a CVSS score of 7.8.
The highest threat from CVE-2021-46143 is to availability and confidentiality.
The affected software versions include Expat (libexpat) before 2.4.3.
To fix CVE-2021-46143, update Expat to version 2.4.3.