Skip to main content

Incorrect Calculation

CVE-2021-45960

Severity High
Score 8.8/10

Summary

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • LOW
  • HIGH
  • HIGH

CWE-682 - Incorrect Calculation

The software performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

Advisory Timeline

  • Published