CVE-2021-45960

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
References
Link Resource
https://github.com/libexpat/libexpat/issues/531 Exploit Issue Tracking Patch Third Party Advisory
https://github.com/libexpat/libexpat/pull/534 Patch Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1217609 Issue Tracking Permissions Required Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/01/17/3 Exploit Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20220121-0004/ Third Party Advisory
https://www.tenable.com/security/tns-2022-05 Third Party Advisory
https://www.debian.org/security/2022/dsa-5073 Issue Tracking Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf Patch Third Party Advisory
https://security.gentoo.org/glsa/202209-24 Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*
cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:hci_baseboard_management_controller:h610c:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_baseboard_management_controller:h615c:*:*:*:*:*:*:*

Information

Published : 2022-01-01 11:15

Updated : 2022-10-06 12:08


NVD link : CVE-2021-45960

Mitre link : CVE-2021-45960


JSON object : View

CWE
CWE-682

Incorrect Calculation

Advertisement

dedicated server usa

Products Affected

netapp

  • oncommand_workflow_automation
  • solidfire_\&_hci_management_node
  • hci_baseboard_management_controller
  • active_iq_unified_manager

libexpat_project

  • libexpat

tenable

  • nessus

siemens

  • sinema_remote_connect_server

debian

  • debian_linux