Search for vulnerabilities
Vulnerability details: VCID-8e29-n224-fqdm
Vulnerability ID VCID-8e29-n224-fqdm
Aliases CVE-2024-45492
Summary An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-190 Integer Overflow or Wraparound
System Score Found at
cvssv3 6.2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45492.json
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00106 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00106 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00106 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00106 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00106 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00106 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00106 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00106 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00109 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00109 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00109 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00109 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00109 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00109 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00109 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00113 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00113 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00113 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00123 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00123 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00123 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00123 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00123 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00123 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00123 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00123 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00123 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00123 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00123 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00154 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00154 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00154 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00154 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00154 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00154 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00158 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00158 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00158 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00158 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00158 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00158 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00158 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00158 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00158 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00158 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00158 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00158 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.00192 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss 0.01044 https://api.first.org/data/v1/epss?cve=CVE-2024-45492
cvssv3.1 6.2 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2024-45492
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2024-45492
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45492.json
https://api.first.org/data/v1/epss?cve=CVE-2024-45492
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45492
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/libexpat/libexpat/issues/889
https://github.com/libexpat/libexpat/pull/892
https://security.netapp.com/advisory/ntap-20241018-0005/
1080152 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080152
2308617 https://bugzilla.redhat.com/show_bug.cgi?id=2308617
cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492
GLSA-202501-09 https://security.gentoo.org/glsa/202501-09
RHSA-2024:10135 https://access.redhat.com/errata/RHSA-2024:10135
RHSA-2024:11109 https://access.redhat.com/errata/RHSA-2024:11109
RHSA-2024:6754 https://access.redhat.com/errata/RHSA-2024:6754
RHSA-2024:6989 https://access.redhat.com/errata/RHSA-2024:6989
RHSA-2024:7213 https://access.redhat.com/errata/RHSA-2024:7213
RHSA-2024:7599 https://access.redhat.com/errata/RHSA-2024:7599
RHSA-2024:9610 https://access.redhat.com/errata/RHSA-2024:9610
USN-7000-1 https://usn.ubuntu.com/7000-1/
USN-7000-2 https://usn.ubuntu.com/7000-2/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45492.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-45492
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-45492
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.39976
EPSS Score 0.00091
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-09-17T19:11:26.601463+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-45492 34.0.1