CVE-2021-45960 — HIGH (8.8)

Q: How severe is CVE-2021-45960?

CVE-2021-45960 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-45960?

Check the references section above for vendor advisories and patch information. Affected products include: Libexpat Project Libexpat, Tenable Nessus, Debian Debian Linux, Siemens Sinema Remote Connect Server, Netapp Active Iq Unified Manager.

Vulnerability Description

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Libexpat Project	Libexpat	< 2.4.3
Tenable	Nessus	< 8.15.3
Debian	Debian Linux	10.0
Siemens	Sinema Remote Connect Server	< 3.1
Netapp	Active Iq Unified Manager	-
Netapp	Hci Baseboard Management Controller	h610c
Netapp	Oncommand Workflow Automation	-
Netapp	Solidfire \& Hci Management Node	-

Related Weaknesses (CWE)

CWE-682

References

http://www.openwall.com/lists/oss-security/2022/01/17/3ExploitMailing ListThird Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1217609Issue TrackingPermissions RequiredThird Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdfPatchThird Party Advisory
https://github.com/libexpat/libexpat/issues/531ExploitIssue TrackingPatch
https://github.com/libexpat/libexpat/pull/534PatchThird Party Advisory
https://security.gentoo.org/glsa/202209-24Third Party Advisory
https://security.netapp.com/advisory/ntap-20220121-0004/Third Party Advisory
https://www.debian.org/security/2022/dsa-5073Issue TrackingThird Party Advisory
https://www.tenable.com/security/tns-2022-05Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/01/17/3ExploitMailing ListThird Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1217609Issue TrackingPermissions RequiredThird Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdfPatchThird Party Advisory
https://github.com/libexpat/libexpat/issues/531ExploitIssue TrackingPatch
https://github.com/libexpat/libexpat/pull/534PatchThird Party Advisory
https://security.gentoo.org/glsa/202209-24Third Party Advisory

FAQ

What is CVE-2021-45960?

CVE-2021-45960 is a vulnerability with a CVSS score of 8.8 (HIGH). In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memor...

How severe is CVE-2021-45960?

CVE-2021-45960 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-45960?

Check the references section above for vendor advisories and patch information. Affected products include: Libexpat Project Libexpat, Tenable Nessus, Debian Debian Linux, Siemens Sinema Remote Connect Server, Netapp Active Iq Unified Manager.