AI description
CVE-2024-8176 is a stack overflow vulnerability found in the libexpat library. It stems from the way libexpat handles recursive entity expansion when parsing XML documents. The vulnerability occurs when an XML document contains deeply nested entity references. Libexpat can be forced into infinite recursion while processing these references, leading to stack exhaustion and a crash. This can potentially cause a denial-of-service (DoS) condition, and in some cases, may lead to memory corruption.
- Description: A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.
- Source: secalert@redhat.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity: HIGH
- secalert@redhat.com: CWE-674
- Hype score: Not currently trending
Recursion kills: The story behind CVE-2024-8176 / Expat 2.7.0 released, includes security fixes: https://t.co/rOyzAhGXFW
@_ringzer0
21 Mar 2025
Qualys comments on the current exploitation of stack-clash vulnerabilities Re: expat vulnerability CVE-2024-8176 / impact of recursion stack overflow vulnerabilities https://t.co/MInMOq792O
@andersonc0d3
15 Mar 2025
🚨 CVE-2024-8176 🔴 HIGH (7.5) 🏢 Red Hat - Red Hat Enterprise Linux 6 🏗️ None 🔗 https://t.co/oAzC6Hcecr 🔗 https://t.co/3cgeBvKfCI 🔗 https://t.co/Zdzkkte28Y #CyberCron #VulnAlert #InfoSec https://t.co/Cgt04plNy2
@cybercronai
14 Mar 2025
Recursion kills: The story behind CVE-2024-8176 / Expat 2.7.0 released, includes security fixes https://t.co/rrnnRqa3cu
@Dinosn
14 Mar 2025
Recursion kills: The story behind CVE-2024-8176 in libexpat: https://t.co/d0IqVVMXWa
@yoshiks
14 Mar 2025
CVE-2024-8176 A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with d… https://t.co/d4rcabLqkx
@CVEnew
14 Mar 2025
Recursion kills: The story behind CVE-2024-8176 / Expat 2.7.0 released, includes security fixes https://t.co/9ZqdztslqX
@ytroncal
14 Mar 2025
Recursion kills: The story behind CVE-2024-8176 / Expat 2.7.0 released, includes security fixes https://t.co/HHLRWZlHe6 https://t.co/aLwrjpT3yv
@secharvesterx
14 Mar 2025
Recursion kills: The story behind CVE-2024-8176 in libexpat #HackerNews https://t.co/UOQshWsvtG
@hackernewstop5
13 Mar 2025
Recursion kills: The story behind CVE-2024-8176 in libexpat https://t.co/9bZSpcOwoB 3
@cevaboyz
13 Mar 2025