CVE Vulnerabilities

CVE-2021-46143

Integer Overflow or Wraparound

Published: Jan 06, 2022 | Modified: Oct 06, 2022

CVSS 3.x: 7.8 HIGH (Source: NVD)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.x: 6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P

RedHat/V2

RedHat/V3: 7.8 MODERATE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Ubuntu: MEDIUM

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

Weakness

The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Affected Software

Name Vendor Start Version End Version
Libexpat Libexpat_project * 2.4.3 (excluding)
Red Hat Enterprise Linux 7 RedHat expat-0:2.1.0-14.el7_9 *
Red Hat Enterprise Linux 8 RedHat expat-0:2.2.5-4.el8_5.3 *
Red Hat Enterprise Linux 8 RedHat xmlrpc-c-0:1.51.0-8.el8 *
Red Hat JBoss Core Services 1 RedHat expat *
Apache2 Ubuntu trusty *
Apr-util Ubuntu trusty *
Astropy Ubuntu bionic *
Astropy Ubuntu hirsute *
Astropy Ubuntu impish *
Astropy Ubuntu kinetic *
Astropy Ubuntu lunar *
Astropy Ubuntu mantic *
Astropy Ubuntu trusty *
Astropy Ubuntu xenial *
Audacity Ubuntu bionic *
Audacity Ubuntu hirsute *
Audacity Ubuntu impish *
Audacity Ubuntu kinetic *
Audacity Ubuntu lunar *
Audacity Ubuntu mantic *
Audacity Ubuntu trusty *
Audacity Ubuntu xenial *
Ayttm Ubuntu trusty *
Ayttm Ubuntu xenial *
Cableswig Ubuntu trusty *
Cableswig Ubuntu xenial *
Cadaver Ubuntu bionic *
Cadaver Ubuntu hirsute *
Cadaver Ubuntu impish *
Cadaver Ubuntu kinetic *
Cadaver Ubuntu lunar *
Cadaver Ubuntu mantic *
Cadaver Ubuntu trusty *
Cadaver Ubuntu xenial *
Cmake Ubuntu trusty *
Coda Ubuntu hirsute *
Coda Ubuntu impish *
Coda Ubuntu kinetic *
Coda Ubuntu lunar *
Coda Ubuntu mantic *
Coda Ubuntu trusty *
Coda Ubuntu xenial *
Coin3 Ubuntu bionic *
Coin3 Ubuntu trusty *
Coin3 Ubuntu xenial *
Emboss Ubuntu bionic *
Emboss Ubuntu hirsute *
Emboss Ubuntu impish *
Emboss Ubuntu kinetic *
Emboss Ubuntu lunar *
Emboss Ubuntu mantic *
Emboss Ubuntu trusty *
Emboss Ubuntu xenial *
Expat Ubuntu bionic *
Expat Ubuntu devel *
Expat Ubuntu esm-infra/xenial *
Expat Ubuntu focal *
Expat Ubuntu hirsute *
Expat Ubuntu impish *
Expat Ubuntu jammy *
Expat Ubuntu kinetic *
Expat Ubuntu lunar *
Expat Ubuntu mantic *
Expat Ubuntu noble *
Expat Ubuntu oracular *
Expat Ubuntu trusty *
Expat Ubuntu trusty/esm *
Expat Ubuntu xenial *
Firefox Ubuntu bionic *
Firefox Ubuntu devel *
Firefox Ubuntu focal *
Firefox Ubuntu impish *
Firefox Ubuntu jammy *
Firefox Ubuntu kinetic *
Firefox Ubuntu lunar *
Firefox Ubuntu mantic *
Firefox Ubuntu noble *
Firefox Ubuntu oracular *
Firefox Ubuntu trusty *
Firefox Ubuntu upstream *
Firefox Ubuntu xenial *
Gdcm Ubuntu trusty *
Ghostscript Ubuntu trusty *
Harp Ubuntu hirsute *
Harp Ubuntu impish *
Harp Ubuntu kinetic *
Harp Ubuntu lunar *
Harp Ubuntu mantic *
Harp Ubuntu trusty *
Harp Ubuntu xenial *
Ibm-3270 Ubuntu bionic *
Ibm-3270 Ubuntu hirsute *
Ibm-3270 Ubuntu impish *
Ibm-3270 Ubuntu kinetic *
Ibm-3270 Ubuntu lunar *
Ibm-3270 Ubuntu mantic *
Ibm-3270 Ubuntu trusty *
Ibm-3270 Ubuntu xenial *
Insighttoolkit Ubuntu trusty *
Insighttoolkit Ubuntu xenial *
Insighttoolkit4 Ubuntu hirsute *
Insighttoolkit4 Ubuntu impish *
Insighttoolkit4 Ubuntu trusty *
Insighttoolkit4 Ubuntu xenial *
Insighttoolkit5 Ubuntu kinetic *
Insighttoolkit5 Ubuntu lunar *
Insighttoolkit5 Ubuntu mantic *
Insighttoolkit5 Ubuntu trusty *
Insighttoolkit5 Ubuntu xenial *
Libsynthesis Ubuntu bionic *
Libsynthesis Ubuntu hirsute *
Libsynthesis Ubuntu impish *
Libsynthesis Ubuntu kinetic *
Libsynthesis Ubuntu lunar *
Libsynthesis Ubuntu mantic *
Libsynthesis Ubuntu trusty *
Libsynthesis Ubuntu xenial *
Libxmltok Ubuntu bionic *
Libxmltok Ubuntu devel *
Libxmltok Ubuntu esm-apps/bionic *
Libxmltok Ubuntu esm-apps/focal *
Libxmltok Ubuntu esm-apps/jammy *
Libxmltok Ubuntu esm-apps/noble *
Libxmltok Ubuntu esm-apps/xenial *
Libxmltok Ubuntu focal *
Libxmltok Ubuntu hirsute *
Libxmltok Ubuntu impish *
Libxmltok Ubuntu jammy *
Libxmltok Ubuntu kinetic *
Libxmltok Ubuntu lunar *
Libxmltok Ubuntu mantic *
Libxmltok Ubuntu noble *
Libxmltok Ubuntu oracular *
Libxmltok Ubuntu trusty *
Libxmltok Ubuntu xenial *
Mame Ubuntu bionic *
Mame Ubuntu hirsute *
Mame Ubuntu impish *
Mame Ubuntu kinetic *
Mame Ubuntu lunar *
Mame Ubuntu mantic *
Mame Ubuntu trusty *
Mame Ubuntu xenial *
Matanza Ubuntu bionic *
Matanza Ubuntu hirsute *
Matanza Ubuntu impish *
Matanza Ubuntu kinetic *
Matanza Ubuntu lunar *
Matanza Ubuntu mantic *
Matanza Ubuntu trusty *
Matanza Ubuntu xenial *
Opencollada Ubuntu bionic *
Opencollada Ubuntu hirsute *
Opencollada Ubuntu impish *
Opencollada Ubuntu kinetic *
Opencollada Ubuntu lunar *
Opencollada Ubuntu mantic *
Opencollada Ubuntu trusty *
Opencollada Ubuntu xenial *
Paraview Ubuntu bionic *
Paraview Ubuntu hirsute *
Paraview Ubuntu impish *
Paraview Ubuntu kinetic *
Paraview Ubuntu lunar *
Paraview Ubuntu mantic *
Paraview Ubuntu trusty *
Paraview Ubuntu xenial *
Poco Ubuntu bionic *
Poco Ubuntu hirsute *
Poco Ubuntu impish *
Poco Ubuntu kinetic *
Poco Ubuntu lunar *
Poco Ubuntu mantic *
Poco Ubuntu trusty *
Poco Ubuntu xenial *
Python2.7 Ubuntu hirsute *
Python2.7 Ubuntu trusty *
Python2.7 Ubuntu xenial *
Python3.10 Ubuntu hirsute *
Python3.4 Ubuntu trusty *
Python3.5 Ubuntu trusty *
Python3.5 Ubuntu xenial *
Python3.9 Ubuntu hirsute *
Qtwebengine-opensource-src Ubuntu bionic *
Qtwebengine-opensource-src Ubuntu hirsute *
Qtwebengine-opensource-src Ubuntu impish *
Qtwebengine-opensource-src Ubuntu kinetic *
Qtwebengine-opensource-src Ubuntu lunar *
Qtwebengine-opensource-src Ubuntu mantic *
Qtwebengine-opensource-src Ubuntu trusty *
Qtwebengine-opensource-src Ubuntu xenial *
Sitecopy Ubuntu bionic *
Sitecopy Ubuntu hirsute *
Sitecopy Ubuntu impish *
Sitecopy Ubuntu kinetic *
Sitecopy Ubuntu lunar *
Sitecopy Ubuntu mantic *
Sitecopy Ubuntu trusty *
Sitecopy Ubuntu xenial *
Smart Ubuntu trusty *
Swish-e Ubuntu bionic *
Swish-e Ubuntu hirsute *
Swish-e Ubuntu impish *
Swish-e Ubuntu kinetic *
Swish-e Ubuntu lunar *
Swish-e Ubuntu mantic *
Swish-e Ubuntu trusty *
Swish-e Ubuntu xenial *
Tdom Ubuntu bionic *
Tdom Ubuntu hirsute *
Tdom Ubuntu impish *
Tdom Ubuntu kinetic *
Tdom Ubuntu lunar *
Tdom Ubuntu mantic *
Tdom Ubuntu trusty *
Tdom Ubuntu xenial *
Texlive-bin Ubuntu trusty *
Thunderbird Ubuntu bionic *
Thunderbird Ubuntu hirsute *
Thunderbird Ubuntu impish *
Thunderbird Ubuntu kinetic *
Thunderbird Ubuntu trusty *
Thunderbird Ubuntu xenial *
Tla Ubuntu bionic *
Tla Ubuntu hirsute *
Tla Ubuntu impish *
Tla Ubuntu kinetic *
Tla Ubuntu lunar *
Tla Ubuntu mantic *
Tla Ubuntu trusty *
Tla Ubuntu xenial *
Visp Ubuntu bionic *
Visp Ubuntu hirsute *
Visp Ubuntu impish *
Visp Ubuntu kinetic *
Visp Ubuntu lunar *
Visp Ubuntu mantic *
Visp Ubuntu trusty *
Visp Ubuntu xenial *
Vnc4 Ubuntu bionic *
Vnc4 Ubuntu trusty *
Vnc4 Ubuntu xenial *
Vtk Ubuntu trusty *
Vtk Ubuntu xenial *
Wbxml2 Ubuntu bionic *
Wbxml2 Ubuntu hirsute *
Wbxml2 Ubuntu impish *
Wbxml2 Ubuntu kinetic *
Wbxml2 Ubuntu lunar *
Wbxml2 Ubuntu mantic *
Wbxml2 Ubuntu trusty *
Wbxml2 Ubuntu xenial *
Xmlrpc Ubuntu trusty *
Xmlrpc Ubuntu xenial *
Xmlrpc-c Ubuntu bionic *
Xmlrpc-c Ubuntu hirsute *
Xmlrpc-c Ubuntu impish *
Xmlrpc-c Ubuntu kinetic *
Xmlrpc-c Ubuntu lunar *
Xmlrpc-c Ubuntu mantic *
Xmlrpc-c Ubuntu trusty *
Xmlrpc-c Ubuntu xenial *
Xsd Ubuntu bionic *
Xsd Ubuntu hirsute *
Xsd Ubuntu impish *
Xsd Ubuntu kinetic *
Xsd Ubuntu lunar *
Xsd Ubuntu mantic *
Xsd Ubuntu trusty *
Xsd Ubuntu xenial *

Potential Mitigations

  • Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • If possible, choose a language or compiler that performs automatic bounds checking.
  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • Use libraries or frameworks that make it easier to handle numbers without unexpected consequences. Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++). [REF-106]
  • Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
  • Use unsigned integers where possible. This makes it easier to perform validation for integer overflows. When signed integers are required, ensure that the range check includes minimum values as well as maximum values.
  • Understand the programming language’s underlying representation and how it interacts with numeric calculation (CWE-681). Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, “not-a-number” calculations, and how the language handles numbers that are too large or too small for its underlying representation. [REF-7] Also be careful to account for 32-bit, 64-bit, and other potential differences that may affect the numeric representation.

References