CVE-2024-45491

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Aug 30, 2024
Updated: Sep 4, 2024
CWE ID 190

Summary

CVE-2024-45491 is an integer overflow vulnerability in libexpat versions prior to 2.6.3, specifically in the dtdCopy function of xmlparse.c on 32-bit platforms. Affected products include a variety of systems, specifically those associated with identifiers such as hAicIB through hAicH9 and cJsLr-. The vulnerability poses a high security risk, with an exploitability score of 3.9, because it potentially allows attackers to manipulate data over a network without requiring user interaction or elevated privileges. To remediate this issue, upgrade to libexpat version 2.6.3 or later. The impact on confidentiality and integrity is rated low, but organizations should remain vigilant because the vulnerability is reachable over the network.
