CVE-2024-8176

HIGH

libexpat - Buffer Overflow

Title source: llm

Description

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.

Exploits (1)

nomisec STUB

by uthrasri · poc

https://github.com/uthrasri/Expat_2.6.2_CVE-2024-8176

View Code ZIP pw:eip

References (39)

https://github.com/libexpat/libexpat/pull/973

[Mailing List] http://www.openwall.com/lists/oss-security/2025/03/15/1

[Mailing List] http://www.openwall.com/lists/oss-security/2025/09/24/11

[Various Sources] https://blog.hartwork.org/posts/expat-2-7-0-released/

[Various Sources] https://github.com/libexpat/libexpat/blob/R_2_7_0/expat/Changes#L40-L52

[Third Party Advisory] https://security-tracker.debian.org/tracker/CVE-2024-8176

[Vendor Advisory] https://ubuntu.com/security/CVE-2024-8176

[Patch] https://gitlab.alpinelinux.org/alpine/aports/-/commit/d068c3ff36fc6f4789988a09c69b434db757db53

[Issue Tracking] https://github.com/libexpat/libexpat/issues/893

[Vendor Advisory] https://security.netapp.com/advisory/ntap-20250328-0009/

[Issue Tracking] https://bugzilla.suse.com/show_bug.cgi?id=1239618

[Mailing List] http://seclists.org/fulldisclosure/2025/May/10

[Mailing List] http://seclists.org/fulldisclosure/2025/May/11

[Mailing List] http://seclists.org/fulldisclosure/2025/May/12

[Mailing List] http://seclists.org/fulldisclosure/2025/May/6

[Mailing List] http://seclists.org/fulldisclosure/2025/May/7

[Mailing List] http://seclists.org/fulldisclosure/2025/May/8

[Third Party Advisory, US Government Resource] https://www.kb.cert.org/vuls/id/760160

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2025:13681

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2025:22033

... and 19 more

Scores

CVSS v3 7.5

EPSS 0.0073

EPSS Percentile 72.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-674

Status published

Products (37)

Red Hat/DevWorkspace Operator 0.33 sha256:937e1dff95d06b971adee9aeb55e0e2e963b6b14594f30354bb9cdb039c081dd

Red Hat/DevWorkspace Operator 0.33 sha256:9cde560029ea98eb500a811c82e4d55318d686e01383c00e857b838a2db88919

Red Hat/DevWorkspace Operator 0.33 sha256:b41c498da32fde3fa636594ef93d2206ca1a3bc306e401eaae035dc18d30654a

Red Hat/Red Hat Discovery 1.14 sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644

Red Hat/Red Hat Discovery 1.14 sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c

Red Hat/Red Hat Discovery 1.14 sha256:c960fa13577db72b52765d6941688f431f61fe38adb717b2d8bb6569e241bc5e

Red Hat/Red Hat Discovery 1.14 sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63

Red Hat/Red Hat Enterprise Linux 10 0:2.7.1-1.el10_0

Red Hat/Red Hat Enterprise Linux 6

Red Hat/Red Hat Enterprise Linux 7

... and 27 more

Published Mar 14, 2025

Tracked Since Feb 18, 2026