VDB
DEBIAN-CVE-2021-45960
DEBIAN-CVE-2021-45960
PUBLISHED
CVSS 8.800000190734863 HIGH
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
Risk Scores
CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | expat | 0, 0, 0 |
| Debian:11 | expat | 0, 2.2.10-2, 2.2.10-2 |
| Debian:13 | expat | 0, 0, 0 |
| Debian:12 | libxmltok | 1.2-4.1, 1.2-4.1~exp1, 1.2-4.2 |
| Debian:14 | expat | 0, 0, 0 |
| Debian:11 | libxmltok | 1.2-4.1, 1.2-4.2, 1.2-4 |
Exploit Intelligence
Timeline
- Jan 1, 2022 CVE Published
- Apr 28, 2026 CVE Updated