Skip to main content
Version: latest

CVE-2024-45490

CVE Details

Visit the official vulnerability details page for CVE-2024-45490 to learn more.

Initial Publication

10/25/2024

Last Update

03/24/2025

Third Party Dependency

libexpat

NIST CVE Summary

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

CVE Severity

7.5

Our Official Summary

This CVE is a critical vulnerability affecting images using libexpat libraries versions prior to 2.6.3, where the function xmlparse.c fails to reject negative lengths in XML_ParseBuffer. This vulnerability can be exploited over a network without user interaction and has very low attack complexity. Not all of the images affected use the specific function affected. Exploiting this vulnerable library will require a user to compromise the containers and gain privileged access. Fix available in libexpat versions > 2.6.3. Investigating upgrading this library within the affected images.

Status

Ongoing

Affected Products & Versions

VersionPalette EnterprisePalette Enterprise AirgapVerteXVerteX Airgap
4.6.13⚠️ Impacted✅ No Impact⚠️ Impacted✅ No Impact
4.6.12⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.6.8⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.6.7⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.6.6⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.5.22⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.5.21⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.5.20⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.5.15⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.5.10⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.5.8⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.5.5⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.5.4⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.4.20⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted

Revision History

DateRevision
03/24/2025Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.15, 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7, 4.6.8, 4.6.12 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.15, 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7, 4.6.8, 4.6.12, 4.6.13
03/18/2025Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.15, 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7, 4.6.8 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.15, 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7, 4.6.8, 4.6.12
03/01/2025Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.15, 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.15, 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7, 4.6.8
02/21/2025Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.15, 4.5.20, 4.5.21, 4.5.22, 4.6.6 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.15, 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7
02/17/2025Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.15, 4.5.20, 4.5.21, 4.5.22 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.15, 4.5.20, 4.5.21, 4.5.22, 4.6.6
02/14/2025Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.15, 4.5.20, 4.5.21 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.15, 4.5.20, 4.5.21, 4.5.22
02/05/2025Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.15, 4.5.20 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.15, 4.5.20, 4.5.21
01/20/2025Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.15 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.15, 4.5.20
12/16/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.15
11/15/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10
11/13/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8 to 4.5.4, 4.5.5, 4.5.8, 4.4.20
11/10/2024Impacted versions changed from 4.5.4, 4.5.5 to 4.5.4, 4.5.5, 4.5.8
10/27/2024Impacted versions changed from 4.5.4 to 4.5.4, 4.5.5