Expat XML Parsing Library: Realloc Misbehavior in storeAtts Function

Expat XML Parsing Library: Realloc Misbehavior in storeAtts Function

CVE-2021-45960 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

Learn more about our Web Application Penetration Testing UK.