CVE-2021-45960
Description
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.346
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in IBM HTTP 8.5.5.2 | Windows |
| Multiple vulnerabilities are fixed in IBM HTTP 9.0.5.11 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 12.0.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.3.0.7 | Windows |
| expat security update(DSA-5073-1) expat_2.2.6-2+deb10u2_amd64.deb | Linux |
| expat security update(DSA-5073-1) expat_2.2.6-2+deb10u2_i386.deb | Linux |
| expat security update(DSA-5073-1) Debian_expat_2.2.6-2+deb10u2_amd64.deb | Linux |
| expat security update(DSA-5073-1) expat_2.2.10-2+deb11u1_amd64.deb | Linux |
| XML parsing C library (USN-5288-1) libexpat1_2.2.5-3ubuntu0.7_i386.deb | Linux |
| XML parsing C library (USN-5288-1) libexpat1_2.2.5-3ubuntu0.7_amd64.deb | Linux |
| XML parsing C library (USN-5288-1) libexpat1_2.2.9-1ubuntu0.4_i386.deb | Linux |
| XML parsing C library (USN-5288-1) libexpat1_2.2.9-1ubuntu0.4_amd64.deb | Linux |
| XML parsing C library (USN-5288-1) libexpat1_2.4.1-2ubuntu0.3_i386.deb | Linux |
| XML parsing C library (USN-5288-1) libexpat1_2.4.1-2ubuntu0.3_amd64.deb | Linux |
| (RHSA-2022:0951) expat security update expat-debugsource-2.2.5-4.el8_5.3.i686.rpm | Linux |
| (RHSA-2022:0951) expat security update expat-debugsource-2.2.5-4.el8_5.3.x86_64.rpm | Linux |
| (RHSA-2022:1069) expat security update expat-2.1.0-14.el7_9.i686.rpm | Linux |
| (RHSA-2022:1069) expat security update expat-2.1.0-14.el7_9.x86_64.rpm | Linux |
| (RHSA-2022:1069) expat security update expat-devel-2.1.0-14.el7_9.i686.rpm | Linux |
| (RHSA-2022:1069) expat security update expat-devel-2.1.0-14.el7_9.x86_64.rpm | Linux |
| (RHSA-2022:1069) expat security update expat-static-2.1.0-14.el7_9.i686.rpm | Linux |
| (RHSA-2022:1069) expat security update expat-static-2.1.0-14.el7_9.x86_64.rpm | Linux |
| Expat update (ELSA-2022-0951) expat-2.2.5-4.el8_5.3.i686.rpm | Linux |
| Expat update (ELSA-2022-0951) expat-2.2.5-4.el8_5.3.x86_64.rpm | Linux |
| Expat-devel update (ELSA-2022-0951) expat-devel-2.2.5-4.el8_5.3.i686.rpm | Linux |
| Expat-devel update (ELSA-2022-0951) expat-devel-2.2.5-4.el8_5.3.x86_64.rpm | Linux |
| SUSE-SU-2022:0179-1(SUSE Linux Enterprise Server 12-SP5 ) expat-2.1.0-21.12.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0179-1(SUSE Linux Enterprise Server 12-SP5 ) expat-debuginfo-2.1.0-21.12.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0179-1(SUSE Linux Enterprise Server 12-SP5 ) expat-debuginfo-32bit-2.1.0-21.12.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0179-1(SUSE Linux Enterprise Server 12-SP5 ) expat-debugsource-2.1.0-21.12.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0179-1(SUSE Linux Enterprise Server 12-SP5 ) libexpat1-2.1.0-21.12.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0179-1(SUSE Linux Enterprise Server 12-SP5 ) libexpat1-32bit-2.1.0-21.12.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0179-1(SUSE Linux Enterprise Server 12-SP5 ) libexpat1-debuginfo-2.1.0-21.12.1.x86_64.rpm | Linux |
| SUSE-SU-2022:0179-1(SUSE Linux Enterprise Server 12-SP5 ) libexpat1-debuginfo-32bit-2.1.0-21.12.1.x86_64.rpm | Linux |
| Expat update (ELSA-2022-1069) expat-2.1.0-14.0.1.el7_9.i686.rpm | Linux |
| Expat update (ELSA-2022-1069) expat-2.1.0-14.0.1.el7_9.x86_64.rpm | Linux |
| Expat-devel update (ELSA-2022-1069) expat-devel-2.1.0-14.0.1.el7_9.i686.rpm | Linux |
| Expat-devel update (ELSA-2022-1069) expat-devel-2.1.0-14.0.1.el7_9.x86_64.rpm | Linux |
| Expat-static update (ELSA-2022-1069) expat-static-2.1.0-14.0.1.el7_9.i686.rpm | Linux |
| Expat-static update (ELSA-2022-1069) expat-static-2.1.0-14.0.1.el7_9.x86_64.rpm | Linux |
| expat Security Update (ALAS2023-2023-058) expat-2.5.0-1.amzn2023.0.2.x86_64.rpm | Linux |
| expat Security Update (ALAS2023-2023-058) expat-devel-2.5.0-1.amzn2023.0.2.x86_64.rpm | Linux |
| expat Security Update (ALAS2023-2023-058) expat-static-2.5.0-1.amzn2023.0.2.x86_64.rpm | Linux |
| Incorrect Calculation Vulnerability (CVE-2021-45960) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234