Vulnerability Name:
CVE-2021-46143 (CCN-216875)
Assigned:
2021-12-30
Published:
2021-12-30
Updated:
2022-10-06
Summary:
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
CVSS v3 Severity:
7.8 High
(CVSS v3.1 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
)
6.8 Medium
(Temporal CVSS v3.1 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
)
Exploitability Metrics:
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
High
Integrity (I):
High
Availibility (A):
High
7.8 High
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
)
6.8 Medium
(CCN Temporal CVSS v3.1 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
)
Exploitability Metrics:
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
High
Integrity (I):
High
Availibility (A):
High
7.8 High
(REDHAT CVSS v3.1 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
)
6.8 Medium
(REDHAT Temporal CVSS v3.1 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
)
Exploitability Metrics:
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
High
Integrity (I):
High
Availibility (A):
High
CVSS v2 Severity:
6.8 Medium
(CVSS v2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availibility (A):
Partial
6.8 Medium
(CCN CVSS v2 Vector:
AV:L/AC:L/Au:S/C:C/I:C/A:C
)
Exploitability Metrics:
Access Vector (AV):
Local
Access Complexity (AC):
Low
Athentication (Au):
Single_Instance
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
Vulnerability Type:
CWE-190
Vulnerability Consequences:
Gain Access
References:
Source: MITRE
Type: CNA
CVE-2021-46143
Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[oss-security] 20220117 Expat 2.4.3 released, includes 8 security fixes
Source: CONFIRM
Type: Patch, Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
Source: XF
Type: UNKNOWN
expat-cve202146143-code-exec(216875)
Source: CCN
Type: libexpat GIT Repository
[CVE-2021-46143] Crafted XML file can cause integer overflow on m_groupSize in function doProlog #532
Source: MISC
Type: Exploit, Issue Tracking, Patch, Third Party Advisory
https://github.com/libexpat/libexpat/issues/532
Source: MISC
Type: Patch, Third Party Advisory
https://github.com/libexpat/libexpat/pull/538
Source: CCN
Type: oss-sec Mailing List, Mon, 17 Jan 2022 11:54:56 -0800
Expat 2.4.3 released, includes 8 security fixes
Source: GENTOO
Type: Third Party Advisory
GLSA-202209-24
Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20220121-0006/
Source: DEBIAN
Type: Third Party Advisory
DSA-5073
Source: CCN
Type: IBM Security Bulletin 6559296 (HTTP Server)
Multiple vulnerabilities in IBM HTTP Server used by IBM WebSphere Application Server due to Expat vulnerabilities
Source: CCN
Type: IBM Security Bulletin 6563891 (Netezza Performance Portal)
Multiple vulnerabilities in IBM HTTP Server affect IBM Netezza Performance Portal
Source: CCN
Type: IBM Security Bulletin 6572673 (Netezza Analytics for NPS)
Expat vulnerabilities affect IBM Netezza Analytics for NPS
Source: CCN
Type: IBM Security Bulletin 6572681 (Netezza Analytics)
Expat vulnerabilities affect IBM Netezza Analytics
Source: CCN
Type: IBM Security Bulletin 6586492 (MQ Operator CD release)
IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from expat, Golang Go, gcc, openssl and libxml.
Source: CCN
Type: IBM Security Bulletin 6587158 (Tivoli Monitoring)
IBM Tivoli Monitoring is vulnerable to remote code execution and denial of service due to multiple Expat CVEs
Source: CCN
Type: IBM Security Bulletin 6590977 (Tivoli Monitoring)
Multiple vulnerabilities affect IBM Tivoli Monitoring included WebSphere Application Server and IBM HTTP Server used by WebSphere Application Server
Source: CCN
Type: IBM Security Bulletin 6601119 (Tivoli Network Manager)
Due to use of Expat IBM Tivoli Network Manager is vulnerable to arbitrary code execution (multiple vulnerabilities)
Source: CCN
Type: IBM Security Bulletin 6601293 (QRadar Network Packet Capture)
IBM QRadar Network Packet Capture includes multiple vulnerable components.
Source: CCN
Type: IBM Security Bulletin 6605299 (QRadar Network Security)
IBM QRadar Network Security is affected by multiple vulnerabilities in Expact library.
Source: CCN
Type: IBM Security Bulletin 6606251 (Rational ClearCase)
Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase ( CVE-2021-45960, CVE-2021-46143 )
Source: CCN
Type: IBM Security Bulletin 6607135 (QRadar SIEM)
IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities
Source: CCN
Type: IBM Security Bulletin 6607878 (AIX)
AIX is affected by multiple vulnerabilities in Python
Source: CCN
Type: IBM Security Bulletin 6612587 (Cloud Pak System Software)
Multiple vulnerabilities in expat, glibc, http server, dojo, openssl shipped with IBM Cloud Pak System
Source: CCN
Type: IBM Security Bulletin 6614725 (QRadar SIEM)
IBM QRadar SIEM includes components with multiple known vulnerabilities
Source: CCN
Type: IBM Security Bulletin 6826021 (Robotic Process Automation)
Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak
Source: CCN
Type: IBM Security Bulletin 6838291 (Cloud Pak for Security)
IBM Cloud Pak for Security includes components with multiple known vulnerabilities
Source: CCN
Type: IBM Security Bulletin 6854981 (Cloud Pak for Security)
IBM Cloud Pak for Security includes components with multiple known vulnerabilities
Source: CONFIRM
Type: Third Party Advisory
https://www.tenable.com/security/tns-2022-05
Vulnerable Configuration:
Configuration 1
:
cpe:/a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
(Version < 2.4.3)
Configuration 2
:
cpe:/a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
OR
cpe:/a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
OR
cpe:/a:netapp:solidfire_&_hci_management_node:-:*:*:*:*:*:*:*
OR
cpe:/a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
OR
cpe:/a:netapp:hci_baseboard_management_controller:h610c:*:*:*:*:*:*:*
OR
cpe:/a:netapp:hci_baseboard_management_controller:h610s:*:*:*:*:*:*:*
OR
cpe:/a:netapp:hci_baseboard_management_controller:h615c:*:*:*:*:*:*:*
Configuration 3
:
cpe:/a:tenable:nessus:*:*:*:*:*:*:*:*
(Version < 8.15.3)
OR
cpe:/a:tenable:nessus:*:*:*:*:*:*:*:*
(Version >= 10.0.0 and < 10.1.1)
Configuration 4
:
cpe:/a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*
(Version < 3.1)
Configuration RedHat 1
:
cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*
Configuration RedHat 2
:
cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*
Configuration RedHat 3
:
cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*
Configuration RedHat 4
:
cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*
Configuration RedHat 5
:
cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*
Configuration RedHat 6
:
cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*
Configuration RedHat 7
:
cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*
Configuration RedHat 8
:
cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*
Configuration RedHat 9
:
cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*
Configuration CCN 1
:
cpe:/a:ibm:http_server:7.0:*:*:*:*:*:*:*
OR
cpe:/a:ibm:http_server:8.0:*:*:*:*:*:*:*
OR
cpe:/a:ibm:http_server:8.5:*:*:*:*:*:*:*
OR
cpe:/a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:*
OR
cpe:/a:ibm:rational_clearcase:8.0.1:*:*:*:*:*:*:*
OR
cpe:/a:ibm:rational_clearcase:8.0.0:*:*:*:*:*:*:*
OR
cpe:/a:ibm:rational_clearcase:9.0.1:*:*:*:*:*:*:*
OR
cpe:/a:ibm:qradar_security_information_and_event_manager:7.3:*:*:*:*:*:*:*
OR
cpe:/a:ibm:qradar_network_security:5.4.0:*:*:*:*:*:*:*
OR
cpe:/a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*
OR
cpe:/a:ibm:qradar_network_security:5.5.0:*:*:*:*:*:*:*
OR
cpe:/a:ibm:qradar_network_packet_capture:7.3:*:*:*:*:*:*:*
OR
cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:*
OR
cpe:/o:ibm:aix:7.3:*:*:*:*:*:*:*
OR
cpe:/a:ibm:robotic_process_automation:21.0.0:*:*:*:*:*:*:*
OR
cpe:/a:ibm:robotic_process_automation:21.0.1:*:*:*:*:*:*:*
OR
cpe:/a:ibm:robotic_process_automation:21.0.2:*:*:*:*:*:*:*
OR
cpe:/a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*
OR
cpe:/a:ibm:cloud_pak_for_security:1.10.6.0:*:*:*:*:*:*:*
Denotes that component is vulnerable
Oval Definitions
Definition ID
Class
Title
Last Modified
oval:org.opensuse.security:def:7492
P
expat-2.4.4-150400.3.12.1 on GA media (Moderate)
2023-06-12
oval:com.redhat.rhsa:def:20227692
P
RHSA-2022:7692: xmlrpc-c security update (Moderate)
2022-11-08
oval:org.opensuse.security:def:94547
P
expat-2.4.4-150400.2.24 on GA media (Moderate)
2022-06-22
oval:org.opensuse.security:def:2917
P
expat-2.4.4-150400.2.24 on GA media (Moderate)
2022-06-22
oval:com.redhat.rhsa:def:20221069
P
RHSA-2022:1069: expat security update (Important)
2022-03-28
oval:com.redhat.rhsa:def:20220951
P
RHSA-2022:0951: expat security update (Important)
2022-03-16
oval:org.opensuse.security:def:125715
P
Security update for expat (Important)
2022-01-25
oval:org.opensuse.security:def:5254
P
Security update for expat (Important)
2022-01-25
oval:org.opensuse.security:def:100739
P
(Important)
2022-01-25
oval:org.opensuse.security:def:119211
P
Security update for expat (Important)
2022-01-25
oval:org.opensuse.security:def:42185
P
Security update for expat (Important)
2022-01-25
oval:org.opensuse.security:def:99738
P
(Important)
2022-01-25
oval:org.opensuse.security:def:126880
P
Security update for expat (Important)
2022-01-25
oval:org.opensuse.security:def:6048
P
Security update for expat (Important)
2022-01-25
oval:org.opensuse.security:def:101608
P
Security update for expat (Important)
2022-01-25
oval:org.opensuse.security:def:119401
P
Security update for expat (Important)
2022-01-25
oval:org.opensuse.security:def:42291
P
Security update for expat (Important)
2022-01-25
oval:org.opensuse.security:def:100067
P
(Important)
2022-01-25
oval:org.opensuse.security:def:127277
P
Security update for expat (Important)
2022-01-25
oval:org.opensuse.security:def:118714
P
Security update for expat (Important)
2022-01-25
oval:org.opensuse.security:def:896
P
Security update for expat (Important)
2022-01-25
oval:org.opensuse.security:def:99202
P
(Important)
2022-01-25
oval:org.opensuse.security:def:119586
P
Security update for expat (Important)
2022-01-25
oval:org.opensuse.security:def:100405
P
(Important)
2022-01-25
oval:org.opensuse.security:def:118904
P
Security update for expat (Important)
2022-01-25
oval:org.opensuse.security:def:99476
P
(Important)
2022-01-25
BACK
libexpat_project
libexpat *
netapp
oncommand workflow automation -
netapp
clustered data ontap -
netapp
solidfire & hci management node -
netapp
active iq unified manager -
netapp
hci baseboard management controller h610c
netapp
hci baseboard management controller h610s
netapp
hci baseboard management controller h615c
tenable
nessus *
tenable
nessus *
siemens
sinema remote connect server *
ibm
http server 7.0
ibm
http server 8.0
ibm
http server 8.5
ibm
tivoli monitoring 6.3.0
ibm
rational clearcase 8.0.1
ibm
rational clearcase 8.0.0
ibm
rational clearcase 9.0.1
ibm
qradar security information and event manager 7.3
ibm
qradar network security 5.4.0
ibm
tivoli monitoring 6.3.0.7
ibm
qradar network security 5.5.0
ibm
qradar network packet capture 7.3
ibm
qradar security information and event manager 7.4 -
ibm
aix 7.3
ibm
robotic process automation 21.0.0
ibm
robotic process automation 21.0.1
ibm
robotic process automation 21.0.2
ibm
cloud pak for security 1.10.0.0
ibm
cloud pak for security 1.10.6.0
Denotes that component is vulnerable