CVE-2021-45960

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

CVSS v3 8.8 HIGH
CVSS v2.0 9.0 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.openwall.com/lists/oss-security/2022/01/17/3	Exploit Mailing List Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1217609	Issue Tracking Permissions Required Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf	Patch Third Party Advisory
https://github.com/libexpat/libexpat/issues/531	Exploit Issue Tracking Patch Third Party Advisory
https://github.com/libexpat/libexpat/pull/534	Patch Third Party Advisory
https://security.gentoo.org/glsa/202209-24	Third Party Advisory
https://security.netapp.com/advisory/ntap-20220121-0004/	Third Party Advisory
https://www.debian.org/security/2022/dsa-5073	Issue Tracking Third Party Advisory
https://www.tenable.com/security/tns-2022-05	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:tenable:nessus::::::::
	cpe:2.3:a:tenable:nessus::::::::

Configuration 3 (hide)

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

Configuration 4 (hide)

cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*

Configuration 5 (hide)

OR	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:hci_baseboard_management_controller:h610c:::::::*
	cpe:2.3:a:netapp:hci_baseboard_management_controller:h610s:::::::*
	cpe:2.3:a:netapp:hci_baseboard_management_controller:h615c:::::::*
	cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*
	cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:::::::*

History

12 Jul 2022, 17:42

Type	Values Removed	Values Added
CWE	~~CWE-400~~	CWE-682

14 Jun 2022, 11:15

Type	Values Removed	Values Added
References		(CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf -

17 Mar 2022, 17:02

Type	Values Removed	Values Added
CPE		cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere:: cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:debian:debian_linux:10.0:::::::*
References	~~(DEBIAN) https://www.debian.org/security/2022/dsa-5073 -~~	(DEBIAN) https://www.debian.org/security/2022/dsa-5073 - Issue Tracking, Third Party Advisory
References	~~(MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=1217609 - Issue Tracking, Third Party Advisory~~	(MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=1217609 - Issue Tracking, Permissions Required, Third Party Advisory

14 Feb 2022, 12:15

Type	Values Removed	Values Added
References		(DEBIAN) https://www.debian.org/security/2022/dsa-5073 -

11 Feb 2022, 15:53

Type	Values Removed	Values Added
CVSS	v2 : ~~5.0~~ v3 : ~~7.5~~	v2 : 9.0 v3 : 8.8
CPE		cpe:2.3:a:netapp:solidfire:-:::::::* cpe:2.3:a:netapp:hci_management_node:-:::::::* cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::* cpe:2.3:a:tenable:nessus::::::::
References	~~(MLIST) http://www.openwall.com/lists/oss-security/2022/01/17/3 -~~	(MLIST) http://www.openwall.com/lists/oss-security/2022/01/17/3 - Exploit, Mailing List, Third Party Advisory
References	~~(CONFIRM) https://www.tenable.com/security/tns-2022-05 -~~	(CONFIRM) https://www.tenable.com/security/tns-2022-05 - Third Party Advisory
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20220121-0004/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20220121-0004/ - Third Party Advisory

09 Feb 2022, 01:15

Type	Values Removed	Values Added
References		(CONFIRM) https://www.tenable.com/security/tns-2022-05 -

21 Jan 2022, 12:15

Type	Values Removed	Values Added
References		(CONFIRM) https://security.netapp.com/advisory/ntap-20220121-0004/ -

17 Jan 2022, 22:15

Type	Values Removed	Values Added
References		(MLIST) http://www.openwall.com/lists/oss-security/2022/01/17/3 -

12 Jan 2022, 20:36

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 5.0 v3 : 7.5
CWE		CWE-400
References	~~(MISC) https://github.com/libexpat/libexpat/pull/534 -~~	(MISC) https://github.com/libexpat/libexpat/pull/534 - Patch, Third Party Advisory
References	~~(MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=1217609 -~~	(MISC) https://bugzilla.mozilla.org/show_bug.cgi?id=1217609 - Issue Tracking, Third Party Advisory
References	~~(MISC) https://github.com/libexpat/libexpat/issues/531 -~~	(MISC) https://github.com/libexpat/libexpat/issues/531 - Exploit, Issue Tracking, Patch, Third Party Advisory
CPE		cpe:2.3:a:libexpat_project:libexpat::::::::

01 Jan 2022, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-01-01 19:15

Updated : 2024-02-04 22:08

NVD link : CVE-2021-45960

Mitre link : CVE-2021-45960

CVE.ORG link : CVE-2021-45960

JSON object : View

Products Affected

debian

debian_linux

siemens

sinema_remote_connect_server

netapp

solidfire_\&_hci_management_node
active_iq_unified_manager
oncommand_workflow_automation
hci_baseboard_management_controller

libexpat_project

libexpat

tenable

nessus

CWE

CWE-682

Incorrect Calculation

8.8 /10