Bug 2308616 (CVE-2024-45491) - CVE-2024-45491 libexpat: Integer Overflow or Wraparound
Summary: CVE-2024-45491 libexpat: Integer Overflow or Wraparound
Keywords:
Status: NEW
Alias: CVE-2024-45491
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2310141 2310142 2310143 2310144 2310145 2310146
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-08-30 03:20 UTC by OSIDB Bzimport
Modified: 2025-05-16 08:28 UTC (History)
7 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:6788 0 None None None 2024-09-18 18:48:32 UTC
Red Hat Product Errata RHBA-2024:6789 0 None None None 2024-09-18 18:57:44 UTC
Red Hat Product Errata RHBA-2024:6791 0 None None None 2024-09-18 18:57:58 UTC
Red Hat Product Errata RHBA-2024:6792 0 None None None 2024-09-18 18:58:58 UTC
Red Hat Product Errata RHBA-2024:6793 0 None None None 2024-09-18 18:59:20 UTC
Red Hat Product Errata RHBA-2024:6794 0 None None None 2024-09-18 18:59:22 UTC
Red Hat Product Errata RHBA-2024:6829 0 None None None 2024-09-19 08:01:04 UTC
Red Hat Product Errata RHBA-2024:6867 0 None None None 2024-09-19 14:39:50 UTC
Red Hat Product Errata RHBA-2024:6869 0 None None None 2024-09-19 14:45:17 UTC
Red Hat Product Errata RHBA-2024:6884 0 None None None 2024-09-19 16:55:14 UTC
Red Hat Product Errata RHBA-2024:6943 0 None None None 2024-09-23 16:29:21 UTC
Red Hat Product Errata RHBA-2024:7037 0 None None None 2024-09-24 08:55:30 UTC
Red Hat Product Errata RHBA-2024:7044 0 None None None 2024-09-24 09:51:02 UTC
Red Hat Product Errata RHBA-2024:7065 0 None None None 2024-09-24 15:57:40 UTC
Red Hat Product Errata RHBA-2024:7081 0 None None None 2024-09-24 19:58:13 UTC
Red Hat Product Errata RHBA-2024:7118 0 None None None 2024-09-25 14:10:37 UTC
Red Hat Product Errata RHBA-2024:7156 0 None None None 2024-09-25 22:00:31 UTC
Red Hat Product Errata RHBA-2024:7229 0 None None None 2024-09-26 14:15:36 UTC
Red Hat Product Errata RHBA-2024:7231 0 None None None 2024-09-26 14:16:20 UTC
Red Hat Product Errata RHBA-2024:7352 0 None None None 2024-09-30 01:34:23 UTC
Red Hat Product Errata RHBA-2024:7631 0 None None None 2024-10-03 13:31:59 UTC
Red Hat Product Errata RHBA-2024:7754 0 None None None 2024-10-07 13:42:01 UTC
Red Hat Product Errata RHSA-2024:6754 0 None None None 2024-09-18 11:50:26 UTC
Red Hat Product Errata RHSA-2024:6989 0 None None None 2024-09-24 01:20:37 UTC
Red Hat Product Errata RHSA-2024:7599 0 None None None 2024-10-09 05:32:49 UTC
Red Hat Product Errata RHSA-2024:8859 0 None None None 2024-11-05 01:36:42 UTC
Red Hat Product Errata RHSA-2024:9610 0 None None None 2024-11-19 08:22:13 UTC

Description OSIDB Bzimport 2024-08-30 03:20:33 UTC 
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
Comment 1 Sandipan Roy 2024-09-05 08:36:10 UTC 
https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes
Comment 4 errata-xmlrpc 2024-09-18 11:50:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:6754 https://access.redhat.com/errata/RHSA-2024:6754
Comment 5 errata-xmlrpc 2024-09-24 01:20:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:6989 https://access.redhat.com/errata/RHSA-2024:6989
Comment 6 errata-xmlrpc 2024-10-09 05:32:48 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2024:7599 https://access.redhat.com/errata/RHSA-2024:7599
Comment 7 errata-xmlrpc 2024-11-05 01:36:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:8859 https://access.redhat.com/errata/RHSA-2024:8859
Comment 8 errata-xmlrpc 2024-11-19 08:22:12 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2024:9610 https://access.redhat.com/errata/RHSA-2024:9610
Note You need to log in before you can comment on or make changes to this bug.