CVE-2024-8176

High CVSS: 7.5

CVE-2024-8176

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.
Vendor: -
Product: -
CWE: CWE-674
Published: 2025-03-14 09:15:14
Updated: 2026-03-20 03:15:58
Source Identifier: secalert@redhat.com
KEV Date Added: -

References

https://access.redhat.com/errata/RHSA-2025:13681
https://access.redhat.com/errata/RHSA-2025:22033
https://access.redhat.com/errata/RHSA-2025:22034
https://access.redhat.com/errata/RHSA-2025:22035
https://access.redhat.com/errata/RHSA-2025:22607
https://access.redhat.com/errata/RHSA-2025:22785
https://access.redhat.com/errata/RHSA-2025:22842
https://access.redhat.com/errata/RHSA-2025:22871
https://access.redhat.com/errata/RHSA-2025:3531
https://access.redhat.com/errata/RHSA-2025:3734
https://access.redhat.com/errata/RHSA-2025:3913
https://access.redhat.com/errata/RHSA-2025:4048
https://access.redhat.com/errata/RHSA-2025:4446
https://access.redhat.com/errata/RHSA-2025:4447
https://access.redhat.com/errata/RHSA-2025:4448
https://access.redhat.com/errata/RHSA-2025:4449
https://access.redhat.com/errata/RHSA-2025:7444
https://access.redhat.com/errata/RHSA-2025:7512
https://access.redhat.com/errata/RHSA-2025:8385
https://access.redhat.com/security/cve/CVE-2024-8176
https://bugzilla.redhat.com/show_bug.cgi?id=2310137
https://github.com/libexpat/libexpat/issues/893
https://github.com/libexpat/libexpat/pull/973
http://seclists.org/fulldisclosure/2025/May/10
http://seclists.org/fulldisclosure/2025/May/11
http://seclists.org/fulldisclosure/2025/May/12
http://seclists.org/fulldisclosure/2025/May/6
http://seclists.org/fulldisclosure/2025/May/7
http://seclists.org/fulldisclosure/2025/May/8
http://www.openwall.com/lists/oss-security/2025/03/15/1
http://www.openwall.com/lists/oss-security/2025/09/24/11
https://blog.hartwork.org/posts/expat-2-7-0-released/
https://bugzilla.suse.com/show_bug.cgi?id=1239618
https://github.com/libexpat/libexpat/blob/R_2_7_0/expat/Changes#L40-L52
https://gitlab.alpinelinux.org/alpine/aports/-/commit/d068c3ff36fc6f4789988a09c69b434db757db53
https://security-tracker.debian.org/tracker/CVE-2024-8176
https://security.netapp.com/advisory/ntap-20250328-0009/
https://ubuntu.com/security/CVE-2024-8176
https://www.kb.cert.org/vuls/id/760160