This repository was archived by the owner on Nov 27, 2024. It is now read-only.
[Security] CVE-2024-45490 #26
Closed
Description
Problem
The security pipeline denotes an issue with libexpat, with several CVEs.
```
t0shy/phpfpm-bookworm:latest (debian 12.7)
==========================================
Total: 3 (CRITICAL: 3)
┌───────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────┬─────────────────────────────────────────────────────────────┐
│  Library  │ Vulnerability  │ Severity │ Status │ Installed Version │  Fixed Version  │                            Title                            │
├───────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────┼─────────────────────────────────────────────────────────────┤
│ libexpat1 │ CVE-2024-45490 │ CRITICAL │ fixed  │ 2.5.0-1           │ 2.5.0-1+deb12u1 │ libexpat: Negative Length Parsing Vulnerability in libexpat │
│           │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2024-45490                  │
│           ├────────────────┤          │        │                   │                 ├─────────────────────────────────────────────────────────────┤
│           │ CVE-2024-45491 │          │        │                   │                 │ libexpat: Integer Overflow or Wraparound                    │
│           │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2024-45491                  │
│           ├────────────────┤          │        │                   │                 ├─────────────────────────────────────────────────────────────┤
│           │ CVE-2024-45492 │          │        │                   │                 │ libexpat: integer overflow                                  │
│           │                │          │        │                   │                 │ https://avd.aquasec.com/nvd/cve-2024-45492                  │
└───────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────┴─────────────────────────────────────────────────────────────┘
```