Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2024-8176

Uncontrolled Recursion

Published: Mar 14, 2025 | Modified: Dec 09, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
Vulnerability-free packages from our partners
root.io logo minimus.io logo echo.ai logo
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2024-8176
CWEhttps://cwe.mitre.org/data/definitions/674.html

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.

Weakness

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

Affected Software

NameVendorStart VersionEnd Version
Red Hat Enterprise Linux 10RedHatexpat-0:2.7.1-1.el10_0*
Red Hat Enterprise Linux 8RedHatexpat-0:2.2.5-17.el8_10*
Red Hat Enterprise Linux 8RedHatxmlrpc-c-0:1.51.0-11.el8_10*
Red Hat Enterprise Linux 8.2 Advanced Update SupportRedHatexpat-0:2.2.10-1.el8_2*
Red Hat Enterprise Linux 8.2 Advanced Update SupportRedHatxmlrpc-c-0:1.51.0-5.el8_2.2*
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRedHatexpat-0:2.2.10-1.el8_4*
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRedHatxmlrpc-c-0:1.51.0-5.el8_4.2*
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRedHatexpat-0:2.2.10-1.el8_4*
Red Hat Enterprise Linux 8.4 Telecommunications Update ServiceRedHatxmlrpc-c-0:1.51.0-5.el8_4.2*
Red Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRedHatxmlrpc-c-0:1.51.0-5.el8_4.2*
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRedHatexpat-0:2.2.10-1.el8_6*
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRedHatxmlrpc-c-0:1.51.0-6.el8_6.1*
Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRedHatexpat-0:2.2.10-1.el8_6*
Red Hat Enterprise Linux 8.6 Telecommunications Update ServiceRedHatxmlrpc-c-0:1.51.0-6.el8_6.1*
Red Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRedHatexpat-0:2.2.10-1.el8_6*
Red Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRedHatxmlrpc-c-0:1.51.0-6.el8_6.1*
Red Hat Enterprise Linux 8.8 Extended Update SupportRedHatxmlrpc-c-0:1.51.0-8.el8_8.1*
Red Hat Enterprise Linux 8.8 Telecommunications Update ServiceRedHatexpat-0:2.2.10-1.el8_8*
Red Hat Enterprise Linux 8.8 Update Services for SAP SolutionsRedHatexpat-0:2.2.10-1.el8_8*
Red Hat Enterprise Linux 9RedHatexpat-0:2.5.0-3.el9_5.3*
Red Hat Enterprise Linux 9RedHatexpat-0:2.5.0-5.el9_6*
Red Hat Enterprise Linux 9RedHatexpat-0:2.5.0-3.el9_5.3*
Red Hat Enterprise Linux 9RedHatexpat-0:2.5.0-5.el9_6*
Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRedHatexpat-0:2.2.10-12.el9_0.4*
Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRedHatexpat-0:2.5.0-1.el9_2.3*
Red Hat Enterprise Linux 9.4 Extended Update SupportRedHatexpat-0:2.5.0-2.el9_4.3*
Red Hat JBoss Core Services 2.4.62.SP1RedHatexpat*
DevWorkspace Operator 0.33RedHatdevworkspace/devworkspace-project-clone-rhel9:sha256:b41c498da32fde3fa636594ef93d2206ca1a3bc306e401eaae035dc18d30654a*
Red Hat Discovery 1.14RedHatdiscovery/discovery-server-rhel9:sha256:f33991d766b618a128fb99fbe4f9b61c5004f7c6aa73b2b38e28d59e56c64d63*
Red Hat Discovery 1.14RedHatdiscovery/discovery-ui-rhel9:sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644*
CadaverUbuntufocal*
CadaverUbuntuoracular*
CadaverUbuntuplucky*
ExpatUbuntudevel*
ExpatUbuntuesm-infra-legacy/trusty*
ExpatUbuntuesm-infra/bionic*
ExpatUbuntuesm-infra/focal*
ExpatUbuntuesm-infra/xenial*
ExpatUbuntufocal*
ExpatUbuntujammy*
ExpatUbuntunoble*
ExpatUbuntuoracular*
ExpatUbuntuplucky*
ExpatUbuntuquesting*
ExpatUbuntuupstream*
Insighttoolkit4Ubuntufocal*
LibxmltokUbuntufocal*
LibxmltokUbuntuoracular*
LibxmltokUbuntuplucky*
MatanzaUbuntudevel*
MatanzaUbuntuesm-apps/noble*
MatanzaUbuntufocal*
MatanzaUbuntujammy*
MatanzaUbuntunoble*
MatanzaUbuntuoracular*
MatanzaUbuntuplucky*
MatanzaUbuntuquesting*
Swish-eUbuntufocal*
Swish-eUbuntuoracular*
Swish-eUbuntuplucky*
TdomUbuntufocal*
TdomUbuntuoracular*
TdomUbuntuplucky*
Wbxml2Ubuntufocal*
Wbxml2Ubuntuoracular*
Wbxml2Ubuntuplucky*
Xmlrpc-cUbuntufocal*
Xmlrpc-cUbuntuoracular*
Xmlrpc-cUbuntuplucky*

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2026 Aqua Security Software Ltd.   Privacy Policy | Terms of Use