Vulnerability details: VCID-k2w7-g7cv-2bhs
Vulnerability ID VCID-k2w7-g7cv-2bhs
Aliases CVE-2024-45490
Summary An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Weaknesses (2)
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45490.json
epss 0.00039 https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss 0.00043 https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss 0.00046 https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss 0.00052 https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss 0.00055 https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2024-45490
cvssv3.1 6.2 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-45490
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-45490
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45490.json
https://api.first.org/data/v1/epss?cve=CVE-2024-45490
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45490
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/libexpat/libexpat/issues/887
https://github.com/libexpat/libexpat/pull/890
https://security.netapp.com/advisory/ntap-20241018-0004/
1080149 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080149
2308615 https://bugzilla.redhat.com/show_bug.cgi?id=2308615
cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490
GLSA-202501-09 https://security.gentoo.org/glsa/202501-09
RHSA-2024:10135 https://access.redhat.com/errata/RHSA-2024:10135
RHSA-2024:11109 https://access.redhat.com/errata/RHSA-2024:11109
RHSA-2024:6754 https://access.redhat.com/errata/RHSA-2024:6754
RHSA-2024:6989 https://access.redhat.com/errata/RHSA-2024:6989
RHSA-2024:7213 https://access.redhat.com/errata/RHSA-2024:7213
RHSA-2024:7599 https://access.redhat.com/errata/RHSA-2024:7599
RHSA-2024:9610 https://access.redhat.com/errata/RHSA-2024:9610
RHSA-2025:3453 https://access.redhat.com/errata/RHSA-2025:3453
USN-7000-1 https://usn.ubuntu.com/7000-1/
USN-7000-2 https://usn.ubuntu.com/7000-2/
USN-7001-1 https://usn.ubuntu.com/7001-1/
USN-7001-2 https://usn.ubuntu.com/7001-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45490.json
Attack Vector (AV) network
Attack Complexity (AC) low
Privileges Required (PR) none
User Interaction (UI) none
Scope (S) unchanged
Confidentiality Impact (C) none
Integrity Impact (I) none
Availability Impact (A) high

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) local
Attack Complexity (AC) low
Privileges Required (PR) none
User Interaction (UI) none
Scope (S) unchanged
Confidentiality Impact (C) none
Integrity Impact (I) none
Availability Impact (A) high

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-45490
Attack Vector (AV) network
Attack Complexity (AC) low
Privileges Required (PR) none
User Interaction (UI) none
Scope (S) unchanged
Confidentiality Impact (C) none
Integrity Impact (I) none
Availability Impact (A) high

Exploit Prediction Scoring System (EPSS)
Percentile 0.08571
EPSS Score 0.00039
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2024-09-17T19:11:26.537313+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-45490 34.0.1