{
  "threat_severity" : "Moderate",
  "public_date" : "2024-10-27T00:00:00Z",
  "bugzilla" : {
    "description" : "libexpat: expat: DoS via XML_ResumeParser",
    "id" : "2321987",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2321987"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.9",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-754",
  "details" : [ "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-11-13T00:00:00Z",
    "advisory" : "RHSA-2024:9502",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "expat-0:2.2.5-16.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-13T00:00:00Z",
    "advisory" : "RHSA-2024:9541",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "expat-0:2.5.0-3.el9_5.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-13T00:00:00Z",
    "advisory" : "RHSA-2024:9541",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "expat-0:2.5.0-3.el9_5.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "release_date" : "2025-03-27T00:00:00Z",
    "advisory" : "RHSA-2025:3350",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.2",
    "package" : "expat-0:2.5.0-1.el9_2.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2024-12-17T00:00:00Z",
    "advisory" : "RHSA-2024:11200",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "expat-0:2.5.0-2.el9_4.2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "expat",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "expat",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "mingw-expat",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-50602\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-50602\nhttps://github.com/libexpat/libexpat/pull/915" ],
  "name" : "CVE-2024-50602",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}