Vulnerability details: VCID-s2ze-avjx-q7av
Vulnerability ID VCID-s2ze-avjx-q7av
Aliases CVE-2024-45491
Summary An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45491.json
epss 0.00048 https://api.first.org/data/v1/epss?cve=CVE-2024-45491
epss 0.00058 https://api.first.org/data/v1/epss?cve=CVE-2024-45491
epss 0.00059 https://api.first.org/data/v1/epss?cve=CVE-2024-45491
epss 0.00062 https://api.first.org/data/v1/epss?cve=CVE-2024-45491
epss 0.00067 https://api.first.org/data/v1/epss?cve=CVE-2024-45491
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2024-45491
epss 0.00084 https://api.first.org/data/v1/epss?cve=CVE-2024-45491
epss 0.00087 https://api.first.org/data/v1/epss?cve=CVE-2024-45491
epss 0.00091 https://api.first.org/data/v1/epss?cve=CVE-2024-45491
epss 0.00195 https://api.first.org/data/v1/epss?cve=CVE-2024-45491
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2024-45491
epss 0.00458 https://api.first.org/data/v1/epss?cve=CVE-2024-45491
cvssv3.1 6.2 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2024-45491
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2024-45491
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45491.json
https://api.first.org/data/v1/epss?cve=CVE-2024-45491
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45491
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/libexpat/libexpat/issues/888
https://github.com/libexpat/libexpat/pull/891
https://security.netapp.com/advisory/ntap-20241018-0003/
1080150 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080150
2308616 https://bugzilla.redhat.com/show_bug.cgi?id=2308616
cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491
GLSA-202501-09 https://security.gentoo.org/glsa/202501-09
RHSA-2024:10135 https://access.redhat.com/errata/RHSA-2024:10135
RHSA-2024:11109 https://access.redhat.com/errata/RHSA-2024:11109
RHSA-2024:6754 https://access.redhat.com/errata/RHSA-2024:6754
RHSA-2024:6989 https://access.redhat.com/errata/RHSA-2024:6989
RHSA-2024:7213 https://access.redhat.com/errata/RHSA-2024:7213
RHSA-2024:7599 https://access.redhat.com/errata/RHSA-2024:7599
RHSA-2024:8859 https://access.redhat.com/errata/RHSA-2024:8859
RHSA-2024:9610 https://access.redhat.com/errata/RHSA-2024:9610
USN-7000-1 https://usn.ubuntu.com/7000-1/
USN-7000-2 https://usn.ubuntu.com/7000-2/
USN-7001-1 https://usn.ubuntu.com/7001-1/
USN-7001-2 https://usn.ubuntu.com/7001-2/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45491.json
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-45491
Exploit Prediction Scoring System (EPSS)
Percentile 0.15
EPSS Score 0.00048
Published At April 18, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2024-09-17T19:11:26.569010+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2024-45491 34.0.1