{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-29T16:07:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/libexpat/libexpat/issues/531"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/libexpat/libexpat/pull/534"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1217609"}, {"name": "[oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/01/17/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20220121-0004/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/tns-2022-05"}, {"name": "DSA-5073", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2022/dsa-5073"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"}, {"name": "GLSA-202209-24", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202209-24"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-45960", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/libexpat/libexpat/issues/531", "refsource": "MISC", "url": "https://github.com/libexpat/libexpat/issues/531"}, {"name": "https://github.com/libexpat/libexpat/pull/534", "refsource": "MISC", "url": "https://github.com/libexpat/libexpat/pull/534"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1217609", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1217609"}, {"name": "[oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/01/17/3"}, {"name": "https://security.netapp.com/advisory/ntap-20220121-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220121-0004/"}, {"name": "https://www.tenable.com/security/tns-2022-05", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2022-05"}, {"name": "DSA-5073", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5073"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"}, {"name": "GLSA-202209-24", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202209-24"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:54:31.123Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/libexpat/libexpat/issues/531"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/libexpat/libexpat/pull/534"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1217609"}, {"name": "[oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/01/17/3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20220121-0004/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tenable.com/security/tns-2022-05"}, {"name": "DSA-5073", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5073"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"}, {"name": "GLSA-202209-24", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202209-24"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-45960", "datePublished": "2022-01-01T18:47:46", "dateReserved": "2022-01-01T00:00:00", "dateUpdated": "2024-08-04T04:54:31.123Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A2FBF20-7B2C-49FF-83F8-1EF903078751", "versionEndExcluding": "2.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*", "matchCriteriaId": "C42F5145-1F37-40E2-AD83-495F7012BC3D", "versionEndExcluding": "8.15.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*", "matchCriteriaId": "112367D4-EF51-4050-834C-7E887A5C52D9", "versionEndExcluding": "10.1.1", "versionStartIncluding": "10.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "98CC9C9A-FE14-4D50-A8EC-C309229356C8", "versionEndExcluding": "3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h610c:*:*:*:*:*:*:*", "matchCriteriaId": "78BE572F-45C1-467F-918F-FB1276F6B495", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*", "matchCriteriaId": "DE7C6010-F736-4BDA-9E3B-C4370BBFA149", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hci_baseboard_management_controller:h615c:*:*:*:*:*:*:*", "matchCriteriaId": "646FFC2B-6DC4-4BD8-AAE0-81895D397700", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:solidfire_\\&_hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "D6D700C5-F67F-4FFB-BE69-D524592A3D2E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory)."}, {"lang": "es", "value": "En Expat (tambi\u00e9n se conoce como libexpat) versiones anteriores a 2.4.3, un desplazamiento a la izquierda por 29 (o m\u00e1s) lugares en la funci\u00f3n storeAtts en el archivo xmlparse.c puede conllevar a un comportamiento incorrecto de reasignaci\u00f3n (por ejemplo, asignar muy pocos bytes, o s\u00f3lo liberar memoria)."}], "id": "CVE-2021-45960", "lastModified": "2022-10-06T19:08:03.287", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-01T19:15:08.030", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/01/17/3"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Permissions Required", "Third Party Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1217609"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/libexpat/libexpat/issues/531"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/libexpat/libexpat/pull/534"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202209-24"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20220121-0004/"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5073"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2022-05"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-682"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:1069", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "expat-0:2.1.0-14.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-03-28T00:00:00Z"}, {"advisory": "RHSA-2022:0951", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "expat-0:2.2.5-4.el8_5.3", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2022-03-16T00:00:00Z"}, {"advisory": "RHSA-2022:7144", "cpe": "cpe:/a:redhat:jboss_core_services:1", "package": "expat", "product_name": "Red Hat JBoss Core Services 1", "release_date": "2022-10-26T00:00:00Z"}], "bugzilla": {"description": "expat: Large number of prefixed XML attributes on a single tag can crash libexpat", "id": "2044451", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044451"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-682->CWE-130", "details": ["In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).", "expat (libexpat) is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to buffer overrun. The highest threat from this vulnerability is to availability."], "name": "CVE-2021-45960", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "xulrunner", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "xulrunner", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "xmlrpc-c", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "expat", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "xmlrpc-c", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-01-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-45960\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-45960\nhttps://github.com/libexpat/libexpat/issues/531"], "threat_severity": "Moderate", "upstream_fix": "expat 2.4.3"}