CVE-2024-50602
MEDIUM5.9EPSS 0.13%expat - security update
Published: 10/27/2024Modified: 12/3/2025
Also known as:ALPINE-CVE-2024-50602
Description
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.
Affected packages (7)
- Alpine/expatfrom 0, < 2.6.4-r0
- Bitnami/libpythonfrom 0, < 3.9.21, >= 3.10.0, < 3.10.16, >= 3.11.0, < 3.11.11, >= 3.12.0, < 3.12.8, >= 3.13.0, < 3.13.1
- Bitnami/pythonfrom 0, < 3.9.21, >= 3.10.0, < 3.10.16, >= 3.11.0, < 3.11.11, >= 3.12.0, < 3.12.8, >= 3.13.0, < 3.13.1
- Bitnami/python-minfrom 0, < 3.9.21, >= 3.10.0, < 3.10.16, >= 3.11.0, < 3.11.11, >= 3.12.0, < 3.12.8, >= 3.13.0, < 3.13.1
- Debian/expatfrom 0, < 2.2.10-2+deb11u7
- Debian/expatfrom 0, < 2.2.10-2+deb11u7
- Debian/libxmltokfrom 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
References (12)
- ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2024-50602
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2024-50602
- WEBhttps://docs.python.org/release/3.10.16/whatsnew/changelog.html
- WEBhttps://docs.python.org/release/3.11.11/whatsnew/changelog.html#python-3-11-11
- WEBhttps://docs.python.org/release/3.12.8/whatsnew/changelog.html#python-3-12-8
- WEBhttps://docs.python.org/release/3.13.1/whatsnew/changelog.html#python-3-13-1
- WEBhttps://docs.python.org/release/3.9.21/whatsnew/changelog.html
- WEBhttps://github.com/libexpat/libexpat/pull/915
- WEBhttps://github.com/python/cpython/issues/126623
- WEBhttps://lists.debian.org/debian-lts-announce/2025/04/msg00040.html
- WEBhttps://nvd.nist.gov/vuln/detail/CVE-2024-50602
- WEBhttps://security.netapp.com/advisory/ntap-20250404-0008/