Vulnerability Report

CVE-2021-46143

Title: Tenable Nessus Memory Corruption

Memory Corruption

Proof Of Concept

PoC Available for CVE-2021-46143

CWE Category CWE-190
Published Date Jan 06, 2022
Modified Date May 05, 2025
Exploit Status Available
Score 8.1 CVSS v3.1
Exploit Probability (EPSS)
4.19%

Vulnerability Summary

CVE-2021-46143: In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

Impacted Vendors

T
tenable 1
N
netapp 5
S
siemens 1
N
nessus 1
L
libexpat_project 1

Reference Links

http://www.openwall.com/lists/oss-security/2022/01/17/3 https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf https://github.com/libexpat/libexpat/issues/532 https://github.com/libexpat/libexpat/pull/538 https://security.gentoo.org/glsa/202209-24 https://security.netapp.com/advisory/ntap-20220121-0006/ https://www.debian.org/security/2022/dsa-5073 https://www.tenable.com/security/tns-2022-05 http://www.openwall.com/lists/oss-security/2022/01/17/3 https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf https://github.com/libexpat/libexpat/issues/532 https://github.com/libexpat/libexpat/pull/538 https://security.gentoo.org/glsa/202209-24 https://security.netapp.com/advisory/ntap-20220121-0006/ https://www.debian.org/security/2022/dsa-5073 https://www.tenable.com/security/tns-2022-05
CVSS v3.1
Source Entity [email protected]
Severity HIGH
8.1
Attack Vector
NETWORK
Complexity
HIGH
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v3.1
Source Entity [email protected]
Severity HIGH
7.8
Attack Vector
LOCAL
Complexity
LOW
Privileges
N/A
Interaction
REQUIRED
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v2.0
Source Entity [email protected]
Severity MEDIUM
6.8
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:M/Au:N/C:P/I:P/A:P

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2021-46143 Exploits & PoCs (Proof Of Concept)

GitHub https://github.com/Trinadh465/external_lib_AOSP10_r33_CVE-2021-45960_CVE-2021-46143-
View Code
GitHub https://github.com/nanopathi/external_expat_AOSP10_r33_CVE-2021-46143
View Code
MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector NETWORK
Complexity HIGH
Privileges N/A
Interaction NONE
CVSS Vector String CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Stack

No specific products linked.