Search for vulnerabilities
Vulnerability details: VCID-6y74-4uqv-dka3
Vulnerability ID VCID-6y74-4uqv-dka3
Aliases CVE-2024-50602
Summary An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.
Status Published
Exploitability 0.5
Weighted Severity 5.3
Risk 2.6
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-754 Improper Check for Unusual or Exceptional Conditions
System Score Found at
cvssv3 5.9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50602.json
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00024 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.0009 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.0009 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.0009 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.0009 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.0009 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.0009 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.0009 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.0009 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss 0.00265 https://api.first.org/data/v1/epss?cve=CVE-2024-50602
cvssv3.1 5.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50602.json
https://api.first.org/data/v1/epss?cve=CVE-2024-50602
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50602
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/libexpat/libexpat/pull/915
https://lists.debian.org/debian-lts-announce/2025/04/msg00040.html
https://security.netapp.com/advisory/ntap-20250404-0008/
1086134 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086134
2321987 https://bugzilla.redhat.com/show_bug.cgi?id=2321987
CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602
RHSA-2024:11200 https://access.redhat.com/errata/RHSA-2024:11200
RHSA-2024:9502 https://access.redhat.com/errata/RHSA-2024:9502
RHSA-2024:9541 https://access.redhat.com/errata/RHSA-2024:9541
RHSA-2025:3350 https://access.redhat.com/errata/RHSA-2025:3350
USN-7145-1 https://usn.ubuntu.com/7145-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50602.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.05008
EPSS Score 0.00024
Published At April 15, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2024-10-27T11:37:05.152001+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 34.0.2