Bug 2308615 (CVE-2024-45490) - CVE-2024-45490 libexpat: Negative Length Parsing Vulnerability in libexpat
Summary: CVE-2024-45490 libexpat: Negative Length Parsing Vulnerability in libexpat
Keywords:
Status: NEW
Alias: CVE-2024-45490
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2310135 2310136 2308681 2308682 2308683 2308684
Blocks:
Reported: 2024-08-30 03:20 UTC by OSIDB Bzimport
Modified: 2024-10-09 05:32 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.
Clone Of:
Environment:
Last Closed:
Embargoed:


Links
System                  ID              Private  Priority  Status  Summary  Last Updated
Red Hat Product Errata  RHBA-2024:6788  0        None      None    None     2024-09-18 18:48:34 UTC
Red Hat Product Errata  RHBA-2024:6789  0        None      None    None     2024-09-18 18:57:42 UTC
Red Hat Product Errata  RHBA-2024:6791  0        None      None    None     2024-09-18 18:57:56 UTC
Red Hat Product Errata  RHBA-2024:6792  0        None      None    None     2024-09-18 18:58:54 UTC
Red Hat Product Errata  RHBA-2024:6793  0        None      None    None     2024-09-18 18:59:19 UTC
Red Hat Product Errata  RHBA-2024:6794  0        None      None    None     2024-09-18 18:59:22 UTC
Red Hat Product Errata  RHBA-2024:6829  0        None      None    None     2024-09-19 08:01:04 UTC
Red Hat Product Errata  RHBA-2024:6867  0        None      None    None     2024-09-19 14:39:50 UTC
Red Hat Product Errata  RHBA-2024:6869  0        None      None    None     2024-09-19 14:45:16 UTC
Red Hat Product Errata  RHBA-2024:6884  0        None      None    None     2024-09-19 16:55:13 UTC
Red Hat Product Errata  RHBA-2024:6943  0        None      None    None     2024-09-23 16:29:21 UTC
Red Hat Product Errata  RHBA-2024:7037  0        None      None    None     2024-09-24 08:55:30 UTC
Red Hat Product Errata  RHBA-2024:7044  0        None      None    None     2024-09-24 09:51:02 UTC
Red Hat Product Errata  RHBA-2024:7065  0        None      None    None     2024-09-24 15:57:41 UTC
Red Hat Product Errata  RHBA-2024:7081  0        None      None    None     2024-09-24 19:58:12 UTC
Red Hat Product Errata  RHBA-2024:7118  0        None      None    None     2024-09-25 14:10:34 UTC
Red Hat Product Errata  RHBA-2024:7156  0        None      None    None     2024-09-25 22:00:32 UTC
Red Hat Product Errata  RHBA-2024:7229  0        None      None    None     2024-09-26 14:15:36 UTC
Red Hat Product Errata  RHBA-2024:7231  0        None      None    None     2024-09-26 14:16:17 UTC
Red Hat Product Errata  RHBA-2024:7352  0        None      None    None     2024-09-30 01:34:23 UTC
Red Hat Product Errata  RHBA-2024:7631  0        None      None    None     2024-10-03 13:32:02 UTC
Red Hat Product Errata  RHBA-2024:7754  0        None      None    None     2024-10-07 13:42:00 UTC
Red Hat Product Errata  RHSA-2024:6754  0        None      None    None     2024-09-18 11:50:26 UTC
Red Hat Product Errata  RHSA-2024:6989  0        None      None    None     2024-09-24 01:20:33 UTC
Red Hat Product Errata  RHSA-2024:7599  0        None      None    None     2024-10-09 05:32:28 UTC

Description OSIDB Bzimport 2024-08-30 03:20:31 UTC
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

Comment 4 errata-xmlrpc 2024-09-18 11:50:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:6754 https://access.redhat.com/errata/RHSA-2024:6754

Comment 5 errata-xmlrpc 2024-09-24 01:20:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:6989 https://access.redhat.com/errata/RHSA-2024:6989

Comment 6 errata-xmlrpc 2024-10-09 05:32:26 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2024:7599 https://access.redhat.com/errata/RHSA-2024:7599

