Vulnerability CVE-2021-46143: Information

Description

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-46143
Published: Jan. 6, 2022
Modified: Oct. 6, 2022
Error type identifier: CWE-190

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
expatsisyphus2.4.3-alt12.5.0-alt1ALT-PU-2022-1072-1293693Fixed
expatsisyphus_e2k2.4.3-alt12.5.0-alt1ALT-PU-2022-3713-1-Fixed
expatsisyphus_riscv642.4.3-alt12.5.0-alt1ALT-PU-2022-3686-1-Fixed
expatp102.4.3-alt12.5.0-alt1ALT-PU-2022-1130-1293695Fixed
expatp10_e2k2.4.3-alt12.5.0-alt1ALT-PU-2022-3808-1-Fixed
expatp92.4.3-alt12.4.3-alt1ALT-PU-2022-1176-1293696Fixed
expatp9_e2k2.4.3-alt12.4.3-alt1ALT-PU-2022-4725-1-Fixed
expatc10f12.4.3-alt12.5.0-alt1ALT-PU-2022-1130-1293695Fixed
expatc9f22.5.0-alt12.5.0-alt1ALT-PU-2023-4107-2324219Fixed
expatp112.4.3-alt12.5.0-alt1ALT-PU-2022-1072-1293693Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/libexpat/libexpat/issues/532
  • Exploit
  • Issue Tracking
  • Patch
  • Third Party Advisory
https://github.com/libexpat/libexpat/pull/538
  • Patch
  • Third Party Advisory
[oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes
  • Mailing List
  • Patch
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20220121-0006/
  • Third Party Advisory
https://www.tenable.com/security/tns-2022-05
  • Third Party Advisory
DSA-5073
  • Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
  • Patch
  • Third Party Advisory
GLSA-202209-24
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
      End excliding
      2.4.3

      Configuration 2

      cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
      cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
      cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
      cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
      cpe:2.3:a:netapp:hci_baseboard_management_controller:h610c:*:*:*:*:*:*:*
      cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*
      cpe:2.3:a:netapp:hci_baseboard_management_controller:h615c:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*
      End excliding
      8.15.3
      cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*
      Start including
      10.0.0
      End excliding
      10.1.1

      Configuration 4

      cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*
      End excliding
      3.1
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top