CVE-2021-45960

HIGH

libexpat < 2.4.3 - Integer Overflow via Left Shift in storeAtts

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-45960. PoCs published by Trinadh465, nanopathi.

AI-analyzed exploit summary This repository appears to be a fork or snapshot of the Expat library (libexpat) with references to CVE-2021-45960 and CVE-2021-46143, but it lacks actual exploit code or proof-of-concept demonstrations. The files provided are standard library and build configuration files.

Description

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

Exploits (2)

nomisec WRITEUP
by Trinadh465 · poc
https://github.com/Trinadh465/external_lib_AOSP10_r33_CVE-2021-45960_CVE-2021-46143-

This repository appears to be a fork or snapshot of the Expat library (libexpat) with references to CVE-2021-45960 and CVE-2021-46143, but it lacks actual exploit code or proof-of-concept demonstrations. The files provided are standard library and build configuration files.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Expat (libexpat) 2.2.6
No auth needed
Prerequisites: None
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WRITEUP
by nanopathi · poc
https://github.com/nanopathi/external_expat_AOSP10_r33_CVE-2021-45960

This repository appears to be a patched version of the Expat library (CVE-2021-45960) with no exploit code. It includes source files, build scripts, and documentation but lacks any proof-of-concept exploit or offensive techniques.

Classification
Writeup 90%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: Expat (libexpat) 2.2.6
No auth needed
Prerequisites: Access to vulnerable Expat library
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/libexpat/libexpat/issues/531
Patch, Third Party Advisory x_refsource_misc
https://github.com/libexpat/libexpat/pull/534
Issue Tracking, Permissions Required, Third Party Advisory x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=1217609
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2022/01/17/3
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220121-0004/
Third Party Advisory x_refsource_confirm
https://www.tenable.com/security/tns-2022-05
Issue Tracking, Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2022/dsa-5073
Patch, Third Party Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202209-24

Scores

CVSS v3 8.8
EPSS 0.0420
EPSS Percentile 89.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-682
Status published
Products (11)
debian/debian_linux 10.0
debian/debian_linux 11.0
libexpat_project/libexpat < 2.4.3
netapp/active_iq_unified_manager
netapp/hci_baseboard_management_controller h610c
netapp/hci_baseboard_management_controller h610s
netapp/hci_baseboard_management_controller h615c
netapp/oncommand_workflow_automation
netapp/solidfire_\&_hci_management_node
siemens/sinema_remote_connect_server < 3.1
... and 1 more
Published Jan 01, 2022
Tracked Since Feb 18, 2026