Vulnerability Name: | CVE-2021-45960 (CCN-216473) |
Assigned: | 2021-12-31 |
Published: | 2021-12-31 |
Updated: | 2022-10-06 |
Summary: | In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). |
CVSS v3 Severity: | 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: | Attack Vector (AV): Network, Attack Complexity (AC): Low, Privileges Required (PR): Low, User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): High, Integrity (I): High, Availability (A): High |
5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: | Attack Vector (AV): Local, Attack Complexity (AC): Low, Privileges Required (PR): None, User Interaction (UI): Required |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): None, Integrity (I): None, Availability (A): High |
8.8 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: | Attack Vector (AV): Network, Attack Complexity (AC): Low, Privileges Required (PR): Low, User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): High, Integrity (I): High, Availability (A): High |
|
CVSS v2 Severity: | 9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics: | Access Vector (AV): Network, Access Complexity (AC): Low, Authentication (Au): Single_Instance |
Impact Metrics: | Confidentiality (C): Complete, Integrity (I): Complete, Availability (A): Complete |
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C)
Exploitability Metrics: | Access Vector (AV): Local, Access Complexity (AC): Low, Authentication (Au): Single_Instance |
Impact Metrics: | Confidentiality (C): None, Integrity (I): None, Availability (A): Complete |
|
Vulnerability Type: | CWE-682 CWE-130
|
Vulnerability Consequences: | Denial of Service |
References: | Source: MITRE Type: CNA CVE-2021-45960
Source: MLIST Type: Exploit, Mailing List, Third Party Advisory [oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes
Source: MISC Type: Issue Tracking, Permissions Required, Third Party Advisory https://bugzilla.mozilla.org/show_bug.cgi?id=1217609
Source: CONFIRM Type: Patch, Third Party Advisory https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
Source: XF Type: UNKNOWN libexpat-cve202145960-dos(216473)
Source: CCN Type: libexpat GIT Repository [CVE-2021-45960] A large number of prefixed XML attributes on a single tag can crash libexpat (troublesome left shifts by >=29 bits in function storeAtts) #531
Source: MISC Type: Exploit, Issue Tracking, Patch, Third Party Advisory https://github.com/libexpat/libexpat/issues/531
Source: MISC Type: Patch, Third Party Advisory https://github.com/libexpat/libexpat/pull/534
Source: CCN Type: oss-sec Mailing List, Mon, 17 Jan 2022 11:54:56 -0800 Expat 2.4.3 released, includes 8 security fixes
Source: GENTOO Type: Third Party Advisory GLSA-202209-24
Source: CONFIRM Type: Third Party Advisory https://security.netapp.com/advisory/ntap-20220121-0004/
Source: DEBIAN Type: Issue Tracking, Third Party Advisory DSA-5073
Source: CCN Type: IBM Security Bulletin 6559296 (HTTP Server) Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server due to Expat vulnerabilities
Source: CCN Type: IBM Security Bulletin 6563891 (Netezza Performance Portal) Multiple vulnerabilities in IBM HTTP Server affect IBM Netezza Performance Portal
Source: CCN Type: IBM Security Bulletin 6572673 (Netezza Analytics for NPS) Expat vulnerabilities affect IBM Netezza Analytics for NPS
Source: CCN Type: IBM Security Bulletin 6572681 (Netezza Analytics) Expat vulnerabilities affect IBM Netezza Analytics
Source: CCN Type: IBM Security Bulletin 6586492 (MQ Operator CD release) IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from expat, Golang Go, gcc, openssl and libxml.
Source: CCN Type: IBM Security Bulletin 6587158 (Tivoli Monitoring) IBM Tivoli Monitoring is vulnerable to remote code execution and denial of service due to multiple Expat CVEs
Source: CCN Type: IBM Security Bulletin 6590977 (Tivoli Monitoring) Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server
Source: CCN Type: IBM Security Bulletin 6601119 (Tivoli Network Manager) Due to use of Expat IBM Tivoli Network Manager is vulnerable to arbitrary code execution (multiple vulnerabilities)
Source: CCN Type: IBM Security Bulletin 6601293 (QRadar Network Packet Capture) IBM QRadar Network Packet Capture includes multiple vulnerable components.
Source: CCN Type: IBM Security Bulletin 6605299 (QRadar Network Security) IBM QRadar Network Security is affected by multiple vulnerabilities in Expact library.
Source: CCN Type: IBM Security Bulletin 6606251 (Rational ClearCase) Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase ( CVE-2021-45960, CVE-2021-46143 )
Source: CCN Type: IBM Security Bulletin 6607135 (QRadar SIEM) IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities
Source: CCN Type: IBM Security Bulletin 6607878 (AIX) AIX is affected by multiple vulnerabilities in Python
Source: CCN Type: IBM Security Bulletin 6612587 (Cloud Pak System Software) Multiple vulnerabilities in expat, glibc, http server, dojo, openssl shipped with IBM Cloud Pak System
Source: CCN Type: IBM Security Bulletin 6614725 (QRadar SIEM) IBM QRadar SIEM includes components with multiple known vulnerabilities
Source: CCN Type: IBM Security Bulletin 6826021 (Robotic Process Automation) Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak
Source: CCN Type: IBM Security Bulletin 6838291 (Cloud Pak for Security) IBM Cloud Pak for Security includes components with multiple known vulnerabilities
Source: CCN Type: IBM Security Bulletin 6854981 (Cloud Pak for Security) IBM Cloud Pak for Security includes components with multiple known vulnerabilities
Source: CONFIRM Type: Third Party Advisory https://www.tenable.com/security/tns-2022-05
|
Vulnerable Configuration: | Configuration 1:
cpe:/a:libexpat_project:libexpat:*:*:*:*:*:*:*:* (Version < 2.4.3)
Configuration 2:
cpe:/a:tenable:nessus:*:*:*:*:*:*:*:* (Version < 8.15.3) OR
cpe:/a:tenable:nessus:*:*:*:*:*:*:*:* (Version >= 10.0.0 and < 10.1.1)
Configuration 3:
cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:* OR
cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Configuration 4:
cpe:/a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:* (Version < 3.1)
Configuration 5:
cpe:/a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:* OR
cpe:/a:netapp:solidfire_&_hci_management_node:-:*:*:*:*:*:*:* OR
cpe:/a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* OR
cpe:/a:netapp:hci_baseboard_management_controller:h610c:*:*:*:*:*:*:* OR
cpe:/a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:* OR
cpe:/a:netapp:hci_baseboard_management_controller:h615c:*:*:*:*:*:*:*
Configuration RedHat 1:
cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*
Configuration RedHat 2:
cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*
Configuration RedHat 3:
cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*
Configuration RedHat 4:
cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*
Configuration RedHat 5:
cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*
Configuration RedHat 6:
cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*
Configuration RedHat 7:
cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*
Configuration CCN 1:
cpe:/a:ibm:http_server:7.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:http_server:8.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:http_server:8.5:*:*:*:*:*:*:* OR
cpe:/a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:rational_clearcase:8.0.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:rational_clearcase:9.0.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:qradar_security_information_and_event_manager:7.3:*:*:*:*:*:*:* OR
cpe:/a:ibm:qradar_network_security:5.4.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:* OR
cpe:/a:ibm:qradar_network_security:5.5.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:qradar_network_packet_capture:7.3:*:*:*:*:*:*:* OR
cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:* OR
cpe:/o:ibm:aix:7.3:*:*:*:*:*:*:* OR
cpe:/a:ibm:robotic_process_automation:21.0.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:robotic_process_automation:21.0.1:*:*:*:*:*:*:* OR
cpe:/a:ibm:robotic_process_automation:21.0.2:*:*:*:*:*:*:* OR
cpe:/a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:* OR
cpe:/a:ibm:cloud_pak_for_security:1.10.6.0:*:*:*:*:*:*:*
|
libexpat_project libexpat *
tenable nessus *
tenable nessus *
debian debian linux 10.0
debian debian linux 11.0
siemens sinema remote connect server *
netapp oncommand workflow automation -
netapp solidfire & hci management node -
netapp active iq unified manager -
netapp hci baseboard management controller h610c
netapp hci baseboard management controller h610s
netapp hci baseboard management controller h615c
ibm http server 7.0
ibm http server 8.0
ibm http server 8.5
ibm tivoli monitoring 6.3.0
ibm rational clearcase 8.0.1
ibm rational clearcase 8.0.0
ibm rational clearcase 9.0.1
ibm qradar security information and event manager 7.3
ibm qradar network security 5.4.0
ibm tivoli monitoring 6.3.0.7
ibm qradar network security 5.5.0
ibm qradar network packet capture 7.3
ibm qradar security information and event manager 7.4 -
ibm aix 7.3
ibm robotic process automation 21.0.0
ibm robotic process automation 21.0.1
ibm robotic process automation 21.0.2
ibm cloud pak for security 1.10.0.0
ibm cloud pak for security 1.10.6.0