Vulnerability details: VCID-jk3t-c9pe-c3a1
Vulnerability ID VCID-jk3t-c9pe-c3a1
Aliases CVE-2024-45491
Summary An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45491.json
epss 0.00107 https://api.first.org/data/v1/epss?cve=CVE-2024-45491
epss 0.0011 https://api.first.org/data/v1/epss?cve=CVE-2024-45491
cvssv3.1 6.2 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 7.3 https://github.com/libexpat/libexpat/issues/888
ssvc Track https://github.com/libexpat/libexpat/issues/888
cvssv3.1 7.3 https://github.com/libexpat/libexpat/pull/891
ssvc Track https://github.com/libexpat/libexpat/pull/891
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2024-45491
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45491.json
https://api.first.org/data/v1/epss?cve=CVE-2024-45491
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45491
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://security.netapp.com/advisory/ntap-20241018-0003/
1080150 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080150
2308616 https://bugzilla.redhat.com/show_bug.cgi?id=2308616
888 https://github.com/libexpat/libexpat/issues/888
891 https://github.com/libexpat/libexpat/pull/891
cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491
RHSA-2024:10135 https://access.redhat.com/errata/RHSA-2024:10135
RHSA-2024:11109 https://access.redhat.com/errata/RHSA-2024:11109
RHSA-2024:6754 https://access.redhat.com/errata/RHSA-2024:6754
RHSA-2024:6989 https://access.redhat.com/errata/RHSA-2024:6989
RHSA-2024:7213 https://access.redhat.com/errata/RHSA-2024:7213
RHSA-2024:7599 https://access.redhat.com/errata/RHSA-2024:7599
RHSA-2024:8859 https://access.redhat.com/errata/RHSA-2024:8859
RHSA-2024:9610 https://access.redhat.com/errata/RHSA-2024:9610
USN-7000-1 https://usn.ubuntu.com/7000-1/
USN-7000-2 https://usn.ubuntu.com/7000-2/
USN-7001-1 https://usn.ubuntu.com/7001-1/
USN-7001-2 https://usn.ubuntu.com/7001-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45491.json
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/libexpat/libexpat/issues/888
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-30T13:53:48Z/ Found at https://github.com/libexpat/libexpat/issues/888
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/libexpat/libexpat/pull/891
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-30T13:53:48Z/ Found at https://github.com/libexpat/libexpat/pull/891
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-45491
Exploit Prediction Scoring System (EPSS)
Percentile 0.29734
EPSS Score 0.00107
Published At Aug. 4, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:34:07.083382+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.22/community.json 37.0.0