Description
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
Exploits (2)
nomisec · WRITEUP · by Trinadh465 · poc · https://github.com/Trinadh465/external_lib_AOSP10_r33_CVE-2021-45960_CVE-2021-46143-
nomisec · WRITEUP · by nanopathi · poc · https://github.com/nanopathi/external_expat_AOSP10_r33_CVE-2021-45960
References (9)
Scores
CVSS v3: 8.8
EPSS: 0.0035
EPSS Percentile: 57.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-682
Status: published
Products (11)
debian/debian_linux 10.0
debian/debian_linux 11.0
libexpat_project/libexpat < 2.4.3
netapp/active_iq_unified_manager
netapp/hci_baseboard_management_controller h610c
netapp/hci_baseboard_management_controller h610s
netapp/hci_baseboard_management_controller h615c
netapp/oncommand_workflow_automation
netapp/solidfire_\&_hci_management_node
siemens/sinema_remote_connect_server < 3.1
... and 1 more
Published: Jan 01, 2022
Tracked Since: Feb 18, 2026