VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-dgs1-y858-hfhp

Essentials
Severities (22)
References (15)
Severity details (4)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-dgs1-y858-hfhp
Aliases	CVE-2024-50602
Summary	An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.
Status	Published
Exploitability	0.5
Weighted Severity	5.3
Risk	2.6
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-754

Improper Check for Unusual or Exceptional Conditions

System	Score	Found at
cvssv3	5.9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50602.json
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss	0.00054	https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2024-50602
epss	0.00058	https://api.first.org/data/v1/epss?cve=CVE-2024-50602
cvssv3.1	5.9	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	5.9	https://github.com/libexpat/libexpat/pull/915
ssvc	Track	https://github.com/libexpat/libexpat/pull/915

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50602.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-50602
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50602
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://lists.debian.org/debian-lts-announce/2025/04/msg00040.html
		https://security.netapp.com/advisory/ntap-20250404-0008/
1086134		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086134
2321987		https://bugzilla.redhat.com/show_bug.cgi?id=2321987
915		https://github.com/libexpat/libexpat/pull/915
CVE-2024-50602		https://nvd.nist.gov/vuln/detail/CVE-2024-50602
RHSA-2024:11200		https://access.redhat.com/errata/RHSA-2024:11200
RHSA-2024:9502		https://access.redhat.com/errata/RHSA-2024:9502
RHSA-2024:9541		https://access.redhat.com/errata/RHSA-2024:9541
RHSA-2025:3350		https://access.redhat.com/errata/RHSA-2025:3350
USN-7145-1		https://usn.ubuntu.com/7145-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-50602.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/libexpat/libexpat/pull/915

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-30T18:00:51Z/ Found at https://github.com/libexpat/libexpat/pull/915

Exploit Prediction Scoring System (EPSS)

Percentile	0.16817
EPSS Score	0.00054
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:32:02.765217+00:00	Alpine Linux Importer	Import	https://secdb.alpinelinux.org/v3.22/main.json	37.0.0