CVE-2024-8176

HIGH

Red Hat Enterprise Linux 10 - Denial of Service via Recursive Entity Expansion in libexpat


Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-8176. PoCs published by uthrasri.

AI-analyzed exploit summary: The provided code is a truncated snippet of the Expat XML parser source file, specifically the header and licensing section. It does not contain any exploit code or proof-of-concept for CVE-2024-8176.

Description

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.

Exploits (1)

nomisec STUB
by uthrasri · poc
https://github.com/uthrasri/Expat_2.6.2_CVE-2024-8176

Classification: Stub 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Expat 2.6.2
No auth needed
devstral-2 · analyzed Feb 16, 2026

References (39)

Core References
Third Party Advisory, US Government Resource
https://www.kb.cert.org/vuls/id/760160
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:13681
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:22033
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:22034
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:22035
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:22607
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:22785
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:22842
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:22871
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:3531
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:3734
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:3913
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4048
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4446
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4447
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4448
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:4449
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:7444
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:7512
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2025:8385
Vendor Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2024-8176
Issue Tracking issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2310137

Scores

CVSS v3 7.5
EPSS 0.0157
EPSS Percentile 72.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE: CWE-674
Status: published
Products (37)
Red Hat/DevWorkspace Operator 0.33 sha256:937e1dff95d06b971adee9aeb55e0e2e963b6b14594f30354bb9cdb039c081dd
Red Hat/DevWorkspace Operator 0.33 sha256:9cde560029ea98eb500a811c82e4d55318d686e01383c00e857b838a2db88919
Red Hat/DevWorkspace Operator 0.33 sha256:b41c498da32fde3fa636594ef93d2206ca1a3bc306e401eaae035dc18d30654a
Red Hat/Red Hat Discovery 1.14 sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644
Red Hat/Red Hat Discovery 1.14 sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c
Red Hat/Red Hat Discovery 1.14 sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e
Red Hat/Red Hat Discovery 1.14 sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63
Red Hat/Red Hat Enterprise Linux 10 0:2.7.1-1.el10_0
Red Hat/Red Hat Enterprise Linux 6
Red Hat/Red Hat Enterprise Linux 7
... and 27 more
Published Mar 14, 2025
Tracked Since Feb 18, 2026