Critical severity9.8NVD Advisory· Published Aug 30, 2024· Updated Jun 17, 2026
CVE-2024-45492
CVE-2024-45492
Description
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
41cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*range: <2.6.3
- (no CPE)
- (no CPE)range: <2.6.3
- osv-coords38 versionspkg:rpm/almalinux/expatpkg:rpm/almalinux/expat-develpkg:rpm/opensuse/expat&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/expat&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/expat&distro=openSUSE%20Leap%20Micro%205.5pkg:rpm/opensuse/expat&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/libqt5-qtwebengine&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/mozjs115&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/mozjs115&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/mozjs128&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/mozjs52&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/mozjs60&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/mozjs78&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/mozjs78&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/mozjs78&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/x3270&distro=openSUSE%20Tumbleweedpkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/expat&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/expat&distro=SUSE%20Linux%20Micro%206.1pkg:rpm/suse/mozjs115&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6pkg:rpm/suse/mozjs52&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7pkg:rpm/suse/mozjs60&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/mozjs60&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/mozjs60&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/mozjs60&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/mozjs60&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP7pkg:rpm/suse/mozjs78&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5pkg:rpm/suse/mozjs78&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5pkg:rpm/suse/mozjs78&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
< 2.5.0-2.el9_4.1+ 37 more
- (no CPE)range: < 2.5.0-2.el9_4.1
- (no CPE)range: < 2.5.0-2.el9_4.1
- (no CPE)range: < 2.4.4-150400.3.22.1
- (no CPE)range: < 2.4.4-150400.3.22.1
- (no CPE)range: < 2.4.4-150400.3.22.1
- (no CPE)range: < 2.6.3-1.1
- (no CPE)range: < 5.15.18-1.1
- (no CPE)range: < 115.4.0-150600.3.3.1
- (no CPE)range: < 115.4.0-5.1
- (no CPE)range: < 128.2.0-2.1
- (no CPE)range: < 52.6.0-150000.3.9.1
- (no CPE)range: < 60.9.0-150200.6.8.1
- (no CPE)range: < 78.15.0-150400.3.6.2
- (no CPE)range: < 78.15.0-150400.3.6.2
- (no CPE)range: < 78.15.0-5.1
- (no CPE)range: < 4.3-4.1
- (no CPE)range: < 2.2.5-150000.3.30.1
- (no CPE)range: < 2.2.5-150000.3.30.1
- (no CPE)range: < 2.4.4-150400.3.22.1
- (no CPE)range: < 2.4.4-150400.3.22.1
- (no CPE)range: < 2.4.4-150400.3.22.1
- (no CPE)range: < 2.4.4-150400.3.22.1
- (no CPE)range: < 2.4.4-150400.3.22.1
- (no CPE)range: < 2.1.0-21.37.1
- (no CPE)range: < 2.1.0-21.37.1
- (no CPE)range: < 2.1.0-21.37.1
- (no CPE)range: < 2.5.0-3.1
- (no CPE)range: < 2.7.1-slfo.1.1_1.1
- (no CPE)range: < 115.4.0-150600.3.3.1
- (no CPE)range: < 52.6.0-150000.3.9.1
- (no CPE)range: < 60.9.0-150200.6.8.1
- (no CPE)range: < 60.9.0-150200.6.8.1
- (no CPE)range: < 60.9.0-150200.6.8.1
- (no CPE)range: < 60.9.0-150200.6.8.1
- (no CPE)range: < 60.9.0-150200.6.8.1
- (no CPE)range: < 78.15.0-150400.3.6.2
- (no CPE)range: < 78.15.0-150400.3.6.2
- (no CPE)range: < 78.15.0-150400.3.6.2
Patches
Vulnerability mechanics
References
6- github.com/libexpat/libexpat/pull/892nvdPatch
- github.com/libexpat/libexpat/issues/889nvdIssue Tracking
- cert-portal.siemens.com/productcert/html/ssa-082556.htmlnvd
- cert-portal.siemens.com/productcert/html/ssa-613116.htmlnvd
- lists.debian.org/debian-lts-announce/2024/09/msg00036.htmlnvd
- security.netapp.com/advisory/ntap-20241018-0005/nvd
News mentions
0No linked articles in our index yet.