VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-qjez-wwmn-nfed

Essentials
Severities (36)
References (23)
Severity details (7)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-qjez-wwmn-nfed
Aliases	CVE-2024-45490
Summary	An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
Status	Published
Exploitability	0.5
Weighted Severity	8.8
Risk	4.4
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-190	Integer Overflow or Wraparound
CWE-611	Improper Restriction of XML External Entity Reference

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45490.json
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss	0.00069	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
epss	0.0007	https://api.first.org/data/v1/epss?cve=CVE-2024-45490
cvssv3.1	6.2	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	9.8	https://github.com/libexpat/libexpat/issues/887
ssvc	Track	https://github.com/libexpat/libexpat/issues/887
cvssv3.1	9.8	https://github.com/libexpat/libexpat/pull/890
ssvc	Track	https://github.com/libexpat/libexpat/pull/890
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2024-45490

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45490.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-45490
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45490
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://security.netapp.com/advisory/ntap-20241018-0004/
1080149		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080149
2308615		https://bugzilla.redhat.com/show_bug.cgi?id=2308615
887		https://github.com/libexpat/libexpat/issues/887
890		https://github.com/libexpat/libexpat/pull/890
cpe:2.3:a:libexpat_project:libexpat::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat::::::::
CVE-2024-45490		https://nvd.nist.gov/vuln/detail/CVE-2024-45490
RHSA-2024:10135		https://access.redhat.com/errata/RHSA-2024:10135
RHSA-2024:11109		https://access.redhat.com/errata/RHSA-2024:11109
RHSA-2024:6754		https://access.redhat.com/errata/RHSA-2024:6754
RHSA-2024:6989		https://access.redhat.com/errata/RHSA-2024:6989
RHSA-2024:7213		https://access.redhat.com/errata/RHSA-2024:7213
RHSA-2024:7599		https://access.redhat.com/errata/RHSA-2024:7599
RHSA-2024:9610		https://access.redhat.com/errata/RHSA-2024:9610
RHSA-2025:3453		https://access.redhat.com/errata/RHSA-2025:3453
USN-7000-1		https://usn.ubuntu.com/7000-1/
USN-7000-2		https://usn.ubuntu.com/7000-2/
USN-7001-1		https://usn.ubuntu.com/7001-1/
USN-7001-2		https://usn.ubuntu.com/7001-2/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45490.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/libexpat/libexpat/issues/887

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-30T18:17:03Z/ Found at https://github.com/libexpat/libexpat/issues/887

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/libexpat/libexpat/pull/890

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-08-30T18:17:03Z/ Found at https://github.com/libexpat/libexpat/pull/890

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-45490

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.21504
EPSS Score	0.00069
Published At	Aug. 4, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:34:09.951031+00:00	Alpine Linux Importer	Import	https://secdb.alpinelinux.org/v3.22/community.json	37.0.0