CVE-2024-8176

Sažetak

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.

Reference

https://access.redhat.com/errata/RHSA-2025:3531
https://access.redhat.com/errata/RHSA-2025:3734
https://access.redhat.com/errata/RHSA-2025:3913
https://access.redhat.com/security/cve/CVE-2024-8176
https://bugzilla.redhat.com/show_bug.cgi?id=2310137
https://github.com/libexpat/libexpat/issues/893
http://www.openwall.com/lists/oss-security/2025/03/15/1
https://blog.hartwork.org/posts/expat-2-7-0-released/
https://bugzilla.suse.com/show_bug.cgi?id=1239618
https://github.com/libexpat/libexpat/blob/R_2_7_0/expat/Changes#L40-L52
https://gitlab.alpinelinux.org/alpine/aports/-/commit/d068c3ff36fc6f4789988a09c69b434db757db53
https://security-tracker.debian.org/tracker/CVE-2024-8176
https://security.netapp.com/advisory/ntap-20250328-0009/
https://ubuntu.com/security/CVE-2024-8176

CVSS

Base:	7.5
Impact:	3.6
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Zadnje važnije ažuriranje

15-04-2025 - 17:15

Objavljeno

14-03-2025 - 09:15