CVE-2024-45492
Description
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in libexpat's nextScaffoldPart function on 32-bit platforms, fixed in version 2.6.3.
Vulnerability Overview
CVE-2024-45492 is an integer overflow vulnerability in the nextScaffoldPart function within xmlparse.c of the libexpat XML parsing library, affecting versions prior to 2.6.3. The overflow occurs for the m_groupSize variable specifically on 32-bit platforms, where UINT_MAX equals SIZE_MAX, leading to potential memory corruption [3].
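The class of bug described above, shown as an added example that is not libexpat's own code: a 32-bit size calculation that wraps, next to a guarded version. It assumes the counter is multiplied by an element size to get an allocation size; `size32_t`, `alloc_bytes_unchecked` and `alloc_bytes_checked` are hypothetical names, and `uint32_t` stands in for `size_t` on a 32-bit platform so the wrap is visible on a 64-bit host.

```c
#include <stdint.h>
#include <stdio.h>

/* Models size_t on a 32-bit platform, where UINT_MAX == SIZE_MAX. */
typedef uint32_t size32_t;
#define SIZE32_MAX UINT32_MAX

/* Unchecked: count * elem_size wraps modulo 2^32, so the byte count
 * handed to an allocator can be far smaller than the caller assumes. */
static size32_t alloc_bytes_unchecked(size32_t count, size32_t elem_size) {
  return (size32_t)(count * elem_size);
}

/* Checked: reject any count whose byte size is not representable.
 * Returns 0 and stores the size in *out, or -1 if it would overflow. */
static int alloc_bytes_checked(size32_t count, size32_t elem_size,
                               size32_t *out) {
  if (elem_size != 0 && count > SIZE32_MAX / elem_size)
    return -1;
  *out = (size32_t)(count * elem_size);
  return 0;
}

int main(void) {
  /* Constructed sample counts around the wrap point for 4-byte elements. */
  const size32_t counts[] = {0x3FFFFFFFu, 0x40000000u, 0x40000001u};
  for (size_t i = 0; i < sizeof(counts) / sizeof(counts[0]); i++) {
    size32_t safe = 0;
    int rc = alloc_bytes_checked(counts[i], 4u, &safe);
    printf("count=0x%08x unchecked=0x%08x checked=%s\n",
           (unsigned)counts[i],
           (unsigned)alloc_bytes_unchecked(counts[i], 4u),
           rc == 0 ? "ok" : "rejected");
  }
  return 0;
}
```

On a 64-bit build the same multiplication does not wrap for these counts, which is why the description limits the issue to platforms where `UINT_MAX` equals `SIZE_MAX`.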
Exploitation Conditions
The vulnerability is triggered during XML parsing when specially crafted input causes an integer overflow in the scaffold part tracking logic. No authentication is required, and the attack vector is network-based, as libexpat is widely used to parse XML data from untrusted sources. The weakness is present in the parsing of nested element structures [1][2][4].
Impact
Successful exploitation could allow an unauthenticated attacker to cause heap-based memory corruption, potentially leading to a denial of service or arbitrary code execution in the context of the application using libexpat. The CVSS v3 base score is 9.8 (Critical), reflecting the serious risk of remote compromise [1][2].
Mitigation Status
The issue was addressed in libexpat version 2.6.3, released on September 4, 2024. Siemens has also released security advisories (SSA-082556, SSA-613116) identifying affected products such as the SIMATIC S7-1500 CPU family and providing remediation guidance. Users should update to the patched library version or apply vendor-specific fixes [1][2][3].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (39)
- libexpat/libexpat (description)
- osv-coords, 38 versions:
  - pkg:rpm/almalinux/expat (no CPE), range: < 2.5.0-2.el9_4.1
  - pkg:rpm/almalinux/expat-devel (no CPE), range: < 2.5.0-2.el9_4.1
  - pkg:rpm/opensuse/expat&distro=openSUSE%20Leap%2015.5 (no CPE), range: < 2.4.4-150400.3.22.1
  - pkg:rpm/opensuse/expat&distro=openSUSE%20Leap%2015.6 (no CPE), range: < 2.4.4-150400.3.22.1
  - pkg:rpm/opensuse/expat&distro=openSUSE%20Leap%20Micro%205.5 (no CPE), range: < 2.4.4-150400.3.22.1
  - pkg:rpm/opensuse/expat&distro=openSUSE%20Tumbleweed (no CPE), range: < 2.6.3-1.1
  - pkg:rpm/opensuse/libqt5-qtwebengine&distro=openSUSE%20Tumbleweed (no CPE), range: < 5.15.18-1.1
  - pkg:rpm/opensuse/mozjs115&distro=openSUSE%20Leap%2015.6 (no CPE), range: < 115.4.0-150600.3.3.1
  - pkg:rpm/opensuse/mozjs115&distro=openSUSE%20Tumbleweed (no CPE), range: < 115.4.0-5.1
  - pkg:rpm/opensuse/mozjs128&distro=openSUSE%20Tumbleweed (no CPE), range: < 128.2.0-2.1
  - pkg:rpm/opensuse/mozjs52&distro=openSUSE%20Leap%2015.6 (no CPE), range: < 52.6.0-150000.3.9.1
  - pkg:rpm/opensuse/mozjs60&distro=openSUSE%20Leap%2015.6 (no CPE), range: < 60.9.0-150200.6.8.1
  - pkg:rpm/opensuse/mozjs78&distro=openSUSE%20Leap%2015.5 (no CPE), range: < 78.15.0-150400.3.6.2
  - pkg:rpm/opensuse/mozjs78&distro=openSUSE%20Leap%2015.6 (no CPE), range: < 78.15.0-150400.3.6.2
  - pkg:rpm/opensuse/mozjs78&distro=openSUSE%20Tumbleweed (no CPE), range: < 78.15.0-5.1
  - pkg:rpm/opensuse/x3270&distro=openSUSE%20Tumbleweed (no CPE), range: < 4.3-4.1
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 (no CPE), range: < 2.2.5-150000.3.30.1
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 (no CPE), range: < 2.2.5-150000.3.30.1
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 (no CPE), range: < 2.4.4-150400.3.22.1
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 (no CPE), range: < 2.4.4-150400.3.22.1
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 (no CPE), range: < 2.4.4-150400.3.22.1
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 (no CPE), range: < 2.4.4-150400.3.22.1
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 (no CPE), range: < 2.4.4-150400.3.22.1
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 2.1.0-21.37.1
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 2.1.0-21.37.1
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 2.1.0-21.37.1
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Micro%206.0 (no CPE), range: < 2.5.0-3.1
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Micro%206.1 (no CPE), range: < 2.7.1-slfo.1.1_1.1
  - pkg:rpm/suse/mozjs115&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6 (no CPE), range: < 115.4.0-150600.3.3.1
  - pkg:rpm/suse/mozjs52&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7 (no CPE), range: < 52.6.0-150000.3.9.1
  - pkg:rpm/suse/mozjs60&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 (no CPE), range: < 60.9.0-150200.6.8.1
  - pkg:rpm/suse/mozjs60&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 (no CPE), range: < 60.9.0-150200.6.8.1
  - pkg:rpm/suse/mozjs60&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 (no CPE), range: < 60.9.0-150200.6.8.1
  - pkg:rpm/suse/mozjs60&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 (no CPE), range: < 60.9.0-150200.6.8.1
  - pkg:rpm/suse/mozjs60&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP7 (no CPE), range: < 60.9.0-150200.6.8.1
  - pkg:rpm/suse/mozjs78&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5 (no CPE), range: < 78.15.0-150400.3.6.2
  - pkg:rpm/suse/mozjs78&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5 (no CPE), range: < 78.15.0-150400.3.6.2
  - pkg:rpm/suse/mozjs78&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6 (no CPE), range: < 78.15.0-150400.3.6.2
References (6)
- github.com/libexpat/libexpat/pull/892 (nvd, Patch)
- github.com/libexpat/libexpat/issues/889 (nvd, Issue Tracking)
- cert-portal.siemens.com/productcert/html/ssa-082556.html (nvd)
- cert-portal.siemens.com/productcert/html/ssa-613116.html (nvd)
- lists.debian.org/debian-lts-announce/2024/09/msg00036.html (nvd)
- security.netapp.com/advisory/ntap-20241018-0005/ (nvd)