CVE-2024-45492

CVE-2024-45492 is a critical vulnerability in the widely used libexpat XML parsing library, affecting versions prior to 2.6.3. The flaw is an integer overflow in the `nextScaffoldPart` function on 32-bit systems. Attackers can exploit it to remotely execute arbitrary code or cause a denial of service, which makes it especially dangerous. It carries a CVSS severity score of 9.8 (out of 10), reflecting that exploitation is relatively simple and requires no user interaction.

The vulnerability primarily threatens systems that rely on XML parsing, including web services, industrial systems, and embedded devices across sectors like healthcare and telecommunications. Systems that use outdated versions of libexpat, particularly those running on legacy 32-bit platforms, are at the highest risk.

To mitigate the risk, it is essential to update to libexpat version 2.6.3 or later. Applying patches and monitoring XML inputs to ensure they come from trusted sources are critical steps in securing systems against this flaw.
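The page only names the bug class (an integer overflow when a parser grows an internal table, reachable on 32-bit builds). The following is an added illustration of that class and of the check that defeats it; it is not libexpat's code, and the `scaffold_part_t` structure, the function names and the sample counts are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a parser table entry (hypothetical layout;
 * libexpat's real structure differs, only a plausible size matters). */
typedef struct {
    int     type;
    int32_t name_idx;
    int32_t first_child;
    int32_t next_sibling;
} scaffold_part_t;

/* Growth arithmetic as a 32-bit build performs it: doubling the element
 * count and converting it to a byte count can each wrap silently, so the
 * caller may allocate far less memory than it later writes into. */
uint32_t grow_unchecked32(uint32_t count) {
    uint32_t new_count = count * 2u;                        /* may wrap */
    return new_count * (uint32_t)sizeof(scaffold_part_t);   /* may wrap */
}

/* Hardened variant: test the bound before each multiplication and refuse
 * to grow instead of wrapping. Returns false when growth is impossible. */
bool grow_checked32(uint32_t count, uint32_t *bytes_out) {
    if (count > UINT32_MAX / 2u)
        return false;
    uint32_t new_count = count * 2u;
    if (new_count > UINT32_MAX / (uint32_t)sizeof(scaffold_part_t))
        return false;
    *bytes_out = new_count * (uint32_t)sizeof(scaffold_part_t);
    return true;
}

/* The same arithmetic with a 64-bit size: counts that a 32-bit process
 * could ever reach do not wrap here, which is why the flaw is 32-bit only. */
uint64_t grow_unchecked64(uint32_t count) {
    uint64_t new_count = (uint64_t)count * 2u;
    return new_count * (uint64_t)sizeof(scaffold_part_t);
}

int main(void) {
    uint32_t count = 0x10000000u, bytes = 0;   /* constructed: 2^28 entries */
    printf("unchecked 32-bit bytes: %u\n", grow_unchecked32(count));   /* wraps to 0 */
    printf("checked 32-bit growth ok: %d\n", grow_checked32(count, &bytes));
    printf("64-bit bytes: %llu\n", (unsigned long long)grow_unchecked64(count));
    return 0;
}
```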
