Skip to content
Commit 8d475823 authored by Steve Sakoman's avatar Steve Sakoman Committed by Anuj Mittal
Browse files

expat: fix CVE-2021-45960 

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more)
places in the storeAtts function in xmlparse.c can lead to realloc
misbehavior (e.g., allocating too few bytes, or only freeing memory).

Backport patch from:
https://github.com/libexpat/libexpat/pull/534/commits/0adcb34c49bee5b19bd29b16a578c510c23597ea



CVE: CVE-2021-45960
Signed-off-by: default avatarSteve Sakoman <steve@sakoman.com>
(cherry picked from commit 22fe1dea)
Signed-off-by: default avatarAnuj Mittal <anuj.mittal@intel.com>
parent 0d195a98
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment