CVE-2024-8176

7.5 HIGH

Published: March 14, 2025 Modified: December 09, 2025

Description

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://access.redhat.com/errata/RHSA-2025:13681

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:22033

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:22034

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:22035

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:22607

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:22785

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:22842

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:22871

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:3531

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:3734

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:3913

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:4048

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:4446

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:4447

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:4448

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:4449

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:7444

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:7512

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2025:8385

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2024-8176

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2310137

Source: secalert@redhat.com

https://github.com/libexpat/libexpat/issues/893

Source: secalert@redhat.com

http://seclists.org/fulldisclosure/2025/May/10

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2025/May/11

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2025/May/12

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2025/May/6

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2025/May/7

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2025/May/8

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2025/03/15/1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2025/09/24/11

Source: af854a3a-2127-422b-91ae-364da2661108

https://blog.hartwork.org/posts/expat-2-7-0-released/

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.suse.com/show_bug.cgi?id=1239618

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/libexpat/libexpat/blob/R_2_7_0/expat/Changes#L40-L52

Source: af854a3a-2127-422b-91ae-364da2661108

https://gitlab.alpinelinux.org/alpine/aports/-/commit/d068c3ff36fc6f4789988a09c69b434db757db53

Source: af854a3a-2127-422b-91ae-364da2661108

https://security-tracker.debian.org/tracker/CVE-2024-8176

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20250328-0009/

Source: af854a3a-2127-422b-91ae-364da2661108

https://ubuntu.com/security/CVE-2024-8176

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.kb.cert.org/vuls/id/760160

Source: af854a3a-2127-422b-91ae-364da2661108

38 reference(s) from NVD

Quick Stats

CVSS v3 Score

7.5 / 10.0

EPSS (Exploit Probability)

0.4%

57th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-674

Related CVEs

CVE-2025-69261 N/A

CVE-2025-69257 6.7

CVE-2025-69210 N/A

CVE-2025-66823 N/A

CVE-2025-50343 N/A