CVE - CVE-2024-8176

CVE-ID
CVE-2024-8176	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:RHBZ#2310137 URL:https://bugzilla.redhat.com/show_bug.cgi?id=2310137 MISC:https://access.redhat.com/security/cve/CVE-2024-8176 URL:https://access.redhat.com/security/cve/CVE-2024-8176 MISC:https://github.com/libexpat/libexpat/issues/893 URL:https://github.com/libexpat/libexpat/issues/893
Assigning CNA
Red Hat, Inc.
Date Record Created
20240826	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240826)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)