Closed github-actions[bot] closed 1 month ago
https://avd.aquasec.com/nvd/cve-2024-45492
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

Projects:
accredited-programmes-and-oasys
approved-premises-and-oasys
arns-and-delius
core-person-record-and-delius
dps-and-delius
effective-proposal-framework-and-delius
hdc-licences-and-delius
hmpps-auth-and-delius
manage-supervision-and-delius
manage-supervision-and-oasys
oasys-and-delius
pathfinder-and-delius
prison-education-and-delius
prisoner-profile-and-delius
probation-search-and-delius
resettlement-passport-and-delius
sentence-plan-and-delius
sentence-plan-and-oasys
soc-and-delius
subject-access-requests-and-delius

Locations:
libexpat:2.6.2-r0 ()

References:
https://access.redhat.com/security/cve/CVE-2024-45492
https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes
https://github.com/libexpat/libexpat/issues/889
https://github.com/libexpat/libexpat/pull/892
https://nvd.nist.gov/vuln/detail/CVE-2024-45492
https://ubuntu.com/security/notices/USN-7000-1
https://www.cve.org/CVERecord?id=CVE-2024-45492
libexpat: integer overflow