High severity 7.5 · NVD Advisory · Published Aug 30, 2024 · Updated May 12, 2026
CVE-2024-45490
Description
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
Affected products (40)
- cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:* (range: <2.6.3)
- (no CPE)
- (no CPE) (range: <2.6.3)
- osv-coords (37 versions):
  - pkg:rpm/almalinux/expat (no CPE; range: < 2.5.0-2.el9_4.1)
  - pkg:rpm/almalinux/expat-devel (no CPE; range: < 2.5.0-2.el9_4.1)
  - pkg:rpm/opensuse/expat&distro=openSUSE%20Leap%2015.5 (no CPE; range: < 2.4.4-150400.3.22.1)
  - pkg:rpm/opensuse/expat&distro=openSUSE%20Leap%2015.6 (no CPE; range: < 2.4.4-150400.3.22.1)
  - pkg:rpm/opensuse/expat&distro=openSUSE%20Leap%20Micro%205.5 (no CPE; range: < 2.4.4-150400.3.22.1)
  - pkg:rpm/opensuse/expat&distro=openSUSE%20Tumbleweed (no CPE; range: < 2.6.3-1.1)
  - pkg:rpm/opensuse/mozjs115&distro=openSUSE%20Leap%2015.6 (no CPE; range: < 115.4.0-150600.3.3.1)
  - pkg:rpm/opensuse/mozjs115&distro=openSUSE%20Tumbleweed (no CPE; range: < 115.4.0-5.1)
  - pkg:rpm/opensuse/mozjs128&distro=openSUSE%20Tumbleweed (no CPE; range: < 128.2.0-2.1)
  - pkg:rpm/opensuse/mozjs52&distro=openSUSE%20Leap%2015.6 (no CPE; range: < 52.6.0-150000.3.9.1)
  - pkg:rpm/opensuse/mozjs60&distro=openSUSE%20Leap%2015.6 (no CPE; range: < 60.9.0-150200.6.8.1)
  - pkg:rpm/opensuse/mozjs78&distro=openSUSE%20Leap%2015.5 (no CPE; range: < 78.15.0-150400.3.6.2)
  - pkg:rpm/opensuse/mozjs78&distro=openSUSE%20Leap%2015.6 (no CPE; range: < 78.15.0-150400.3.6.2)
  - pkg:rpm/opensuse/mozjs78&distro=openSUSE%20Tumbleweed (no CPE; range: < 78.15.0-5.1)
  - pkg:rpm/opensuse/x3270&distro=openSUSE%20Tumbleweed (no CPE; range: < 4.3-4.1)
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 (no CPE; range: < 2.2.5-150000.3.30.1)
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 (no CPE; range: < 2.2.5-150000.3.30.1)
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 (no CPE; range: < 2.4.4-150400.3.22.1)
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 (no CPE; range: < 2.4.4-150400.3.22.1)
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 (no CPE; range: < 2.4.4-150400.3.22.1)
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 (no CPE; range: < 2.4.4-150400.3.22.1)
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 (no CPE; range: < 2.4.4-150400.3.22.1)
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE; range: < 2.1.0-21.37.1)
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE; range: < 2.1.0-21.37.1)
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE; range: < 2.1.0-21.37.1)
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Micro%206.0 (no CPE; range: < 2.5.0-3.1)
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Micro%206.1 (no CPE; range: < 2.7.1-slfo.1.1_1.1)
  - pkg:rpm/suse/mozjs115&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6 (no CPE; range: < 115.4.0-150600.3.3.1)
  - pkg:rpm/suse/mozjs52&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7 (no CPE; range: < 52.6.0-150000.3.9.1)
  - pkg:rpm/suse/mozjs60&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 (no CPE; range: < 60.9.0-150200.6.8.1)
  - pkg:rpm/suse/mozjs60&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 (no CPE; range: < 60.9.0-150200.6.8.1)
  - pkg:rpm/suse/mozjs60&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 (no CPE; range: < 60.9.0-150200.6.8.1)
  - pkg:rpm/suse/mozjs60&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 (no CPE; range: < 60.9.0-150200.6.8.1)
  - pkg:rpm/suse/mozjs60&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP7 (no CPE; range: < 60.9.0-150200.6.8.1)
  - pkg:rpm/suse/mozjs78&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5 (no CPE; range: < 78.15.0-150400.3.6.2)
  - pkg:rpm/suse/mozjs78&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5 (no CPE; range: < 78.15.0-150400.3.6.2)
  - pkg:rpm/suse/mozjs78&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6 (no CPE; range: < 78.15.0-150400.3.6.2)
References (11)
- github.com/libexpat/libexpat/pull/890 (nvd, Patch)
- github.com/libexpat/libexpat/issues/887 (nvd, Issue Tracking)
- seclists.org/fulldisclosure/2024/Dec/10 (nvd)
- seclists.org/fulldisclosure/2024/Dec/12 (nvd)
- seclists.org/fulldisclosure/2024/Dec/6 (nvd)
- seclists.org/fulldisclosure/2024/Dec/7 (nvd)
- seclists.org/fulldisclosure/2024/Dec/8 (nvd)
- cert-portal.siemens.com/productcert/html/ssa-082556.html (nvd)
- cert-portal.siemens.com/productcert/html/ssa-613116.html (nvd)
- lists.debian.org/debian-lts-announce/2024/09/msg00036.html (nvd)
- security.netapp.com/advisory/ntap-20241018-0004/ (nvd)