In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
En Expat (también se conoce como libexpat) versiones anteriores a 2.4.3, un desplazamiento a la izquierda por 29 (o más) lugares en la función storeAtts en el archivo xmlparse.c puede conllevar a un comportamiento incorrecto de reasignación (por ejemplo, asignar muy pocos bytes, o sólo liberar memoria).
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
AV:N/AC:L/Au:S/C:C/I:C/A:C
| Access Vector | NETWORK |
|---|---|
| Access Complexity | LOW |
| Authentication | SINGLE |
| Confidentiality Impact | COMPLETE |
| Integrity Impact | COMPLETE |
| Availability Impact | COMPLETE |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
CWE-682
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary |
en
CWE-682
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| libexpat_project | libexpat | * | <built-in method update of dict object at 0x72a9af821180> | Application |
| tenable | nessus | * | <built-in method update of dict object at 0x72a9e6d11c00> | Application |
| tenable | nessus | * | <built-in method update of dict object at 0x72a9cc848c00> | Application |
| debian | debian_linux | 10.0 | <built-in method update of dict object at 0x72a9e4187d00> | Operating System |
| debian | debian_linux | 11.0 | <built-in method update of dict object at 0x72a9af822680> | Operating System |
| siemens | sinema_remote_connect_server | * | <built-in method update of dict object at 0x72a9b0d8db40> | Application |
| netapp | active_iq_unified_manager | - | <built-in method update of dict object at 0x72a9cc84a040> | Application |
| netapp | hci_baseboard_management_controller | h610c | <built-in method update of dict object at 0x72a9cc121b40> | Application |
| netapp | hci_baseboard_management_controller | h610s | <built-in method update of dict object at 0x72a9990f0d00> | Application |
| netapp | hci_baseboard_management_controller | h615c | <built-in method update of dict object at 0x72a9af823100> | Application |
| netapp | oncommand_workflow_automation | - | <built-in method update of dict object at 0x72a9cc38c800> | Application |
| netapp | solidfire_\&_hci_management_node | - | <built-in method update of dict object at 0x72a9cc121b80> | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* |
| Yes | cpe:2.3:a:netapp:hci_baseboard_management_controller:h610c:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:hci_baseboard_management_controller:h615c:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:* |